PDA

View Full Version : need help removing up.new.exe



Magnus_Rexel
2010-10-05, 15:31
I started getting a pop-up from Norton yesterday afternoon. It said the following:

Auto-Protect blocked security risk Trojan Horse Your computer is secure.

If I hit the details link Norton opens up with the following:

File Insight
Details: Many Users, High Risk
Origin: up.new.exe
Activity: File Action, Blocked c:\windows\syswow64\drivers\up.new.exe

I looked in this location and noticed that the up.new.exe would vanish then return in a few moments over and over. Like something was installing it to run it and then removing it to hide it.
I also found some files that are unknown to me. There are 2 apps named Safesurf and Safeguard. Both seem to come from a Jetswap. There are also some txt files named auth, block, log and state and there is a folder called f. Inside the f folder there is a app named jet and a txt file named sfa.
I believe all of these files and folders are connected to the up.new.exe

I done several searches for the terms Jetswap, Safesurf and up.new.exe. All I could find were refernces to the fact that jetswap at one time ran a up.exe as part of their safesurf program.
This program uses what is to be considered "safe and legal" file and coding types to run. The not legal part is that it is installed under the radar in a malicious way and it is used to make the person installing it money by causing your browser to surf the web in a silent mode and click on adds and then give credit for the clicks to the person that slipped it into your system.

In my search I found one reference to a solution to get rid of this here on this site, but they were dealing with Jetswap, Safesurf, up.exe not up.new.exe. I assume that the up.new.exe is a "new" form of the up.exe.
As I read through the thread I noticed in one of the logs that IndiGenus noticed the up.exe, but when the member was asked to look for the up.exe and a few other files in the location they saw nothing.

""IndiGenus"
Interesting that OTL did not find the 3 files in the SysWOW folder.

C:\Windows\SysWOW64\drivers\up.exe
C:\Windows\SysWOW64\Help64.exe
C:\Windows\SysWOW64\webe\Updater3.exe

Can you take a peek at those locations and see if they are there. You will likely need to make sure you can see hidden and system files."

""zoniq"
In C:\Windows\SysWOW64\drivers\ there is no sign of up.exe
But there is file called surfguard.exe
Don't know if it is bad or not...just for info

And I cannot see Help64.exe and Updater3.exe"

I am willing to bet that zoniq didn't see those files because of the vanishing then returning in a few moments over and over that I observed.

Anyway here is the DDS so we can get started. Thanks in advance for any help.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Her at 8:04:59.62 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1937 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\system\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\MCUI32.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\drivers\SafeSurf.exe
C:\Users\Her\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\tbZyng.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\syswow64\macromed\flash\FlashUtil10k_Plugin.exe -update plugin
StartupFolder: c:\users\her\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: comcast.com\activation3
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

================= FIREFOX ===================

FF - ProfilePath - c:\users\her\appdata\roaming\mozilla\firefox\profiles\q3806ah3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-6-1 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-6-1 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-8-31 954928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-6-1 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100930.005\IDSviA64.sys [2010-10-1 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-6-1 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-6-1 451120]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/11 11:22:08];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-11-28 146928]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 30520]
R2 N360;Norton Security Suite;c:\program files (x86)\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-4-8 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-4-30 1153368]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-2-9 116096]
R2 Win_Updater;Win32 Updater;c:\windows\syswow64\system\svchost.exe [2010-8-21 1405440]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-8 228408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-23 132656]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-3-11 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-6 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-3-15 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-10-01 03:54:12 590744687 ----a-w- c:\windows\MEMORY.DMP
2010-09-29 14:27:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 14:27:02 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-23 21:07:46 3347 ----a-w- c:\users\her\.recently-used.xbel
2010-09-22 01:07:30 0 d-----w- c:\program files (x86)\Microsoft
2010-09-22 01:07:06 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-09-22 01:06:02 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-09-22 00:58:28 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-09-21 05:21:55 0 d-----w- c:\windows\Mozilla
2010-09-21 05:20:57 0 d-----w- c:\programdata\Farm Fishes
2010-09-21 05:20:50 4286 ----a-w- c:\windows\syswow64\ico.ico
2010-09-21 05:20:46 0 d-----w- c:\windows\syswow64\system
2010-09-21 05:20:44 0 d-----w- c:\windows\syswow64\webem
2010-09-21 05:17:22 0 d-----w- c:\program files (x86)\Alawar
2010-09-18 19:45:29 0 d-----w- c:\program files (x86)\Farmers Market
2010-09-16 14:34:54 0 d-----w- c:\programdata\Yahoo! Companion
2010-09-16 14:34:26 0 d-----w- c:\programdata\Yahoo!
2010-09-16 14:32:54 0 d-----w- c:\program files (x86)\Yahoo!
2010-09-15 20:11:13 0 d-----w- c:\program files (x86)\Fishdom Spooky Splash
2010-09-15 20:10:45 0 d-----w- c:\program files (x86)\Fishdom H2O Hidden Odyssey
2010-09-15 20:10:29 0 d-----w- c:\program files (x86)\Fishdom H20 Hidden Odyssey
2010-09-15 20:09:20 0 d-----w- c:\program files (x86)\Fishdom
2010-09-15 17:07:16 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
2010-09-15 17:07:16 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:07:14 273920 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:07:09 975360 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 17:07:09 739328 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-15 17:07:07 621568 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:07:07 502272 ----a-w- c:\windows\syswow64\usp10.dll
2010-09-13 23:48:00 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-09-07 21:12:48 0 d-----w- c:\users\her\appdata\roaming\ITTNord
2010-09-07 19:54:03 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-07 19:54:03 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-07 19:54:03 145184 ----a-w- c:\windows\syswow64\java.exe
2010-09-07 17:35:47 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-09-07 17:30:19 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-09-07 17:30:16 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-09-07 17:30:15 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-09-07 17:30:13 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-09-07 17:28:59 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-09-07 17:28:57 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2010-09-07 17:28:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 17:25:40 343040 ----a-w- c:\windows\system32\schannel.dll
2010-09-07 17:25:40 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-09-07 17:10:19 0 d-----w- c:\program files (x86)\Comcast
2010-09-07 17:04:31 0 d-----w- c:\program files (x86)\ComcastUI
2010-09-02 14:19:45 1404 ----a-w- c:\users\her\appdata\roaming\wklnhst.dat

==================== Find3M ====================

2010-09-14 03:47:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-14 03:47:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-14 03:47:16 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-16 19:04:14 19256 ----a-w- c:\windows\system32\HPMDPCoInst11.dll
2010-07-16 19:03:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2010-07-16 19:03:54 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-07-16 04:38:54 392704 ----a-w- c:\windows\syswow64\ICH.exe
2010-07-03 17:50:43 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-04-01 04:15:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-05-12 14:31:10 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-05-12 14:31:10 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-12 14:31:10 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-04-08 07:30:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:06:58.19 ===============

Sorry to have to post a reply to my own thread, but I just noticed that my attach.zip is no longer in my original post. :confused:

Anyway here it is again.

ken545
2010-10-08, 12:43
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware execpt for the programs we may run.

Sorry for the delay, bit of a mix up but I am linked to you now. Just want you to know that your running the 64 bit version of Vista and there are not to many removal tools written for 64 bit just yet.





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please







Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in



netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Magnus_Rexel
2010-10-09, 18:49
OTL logfile created on: 10/9/2010 11:02:43 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Her\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.81 Gb Total Space | 132.37 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive D: | 14.28 Gb Total Space | 2.14 Gb Free Space | 15.02% Space Free | Partition Type: NTFS
Drive E: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HER-PC
Current User Name: Her
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Her\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Her\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101008.049\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101008.049\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101008.002\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/05 11:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/10 15:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 10:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/17 10:18:56 | 000,000,000 | ---D | M]

[2010/05/11 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Extensions
[2010/04/09 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/08 21:56:18 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions
[2010/05/24 12:55:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/09 17:53:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/09/07 17:03:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/11 12:34:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/12 08:12:06 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\personas@christopher.beard
[2010/09/07 15:54:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 15:54:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/30 18:16:41 | 000,420,602 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14507 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: comcast.com ([activation3] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Her\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Her\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 13:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2fed85c4-2d46-11df-9324-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2fed85c4-2d46-11df-9324-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006/04/06 13:25:44 | 001,662,976 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{4b80defd-9754-11df-ae0b-0026229a23f5}\Shell\AutoRun\command - "" = H:\podcastready.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 90 Days ==========

[2010/10/09 10:53:55 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Her\Desktop\OTL.exe
[2010/10/09 10:52:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
[2010/10/09 10:51:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
[2010/10/09 10:51:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
[2010/10/09 10:51:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
[2010/10/09 10:51:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
[2010/10/09 10:51:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
[2010/10/09 10:51:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
[2010/10/09 10:51:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
[2010/10/09 10:51:30 | 009,799,128 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xul.dll
[2010/10/09 10:51:30 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
[2010/10/09 10:51:30 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\softokn3.dll
[2010/10/09 10:51:30 | 000,136,664 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\ssl3.dll
[2010/10/09 10:51:30 | 000,103,896 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\smime3.dll
[2010/10/09 10:51:30 | 000,017,880 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xpcom.dll
[2010/10/09 10:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
[2010/10/09 10:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
[2010/10/09 10:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
[2010/10/09 10:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
[2010/10/09 10:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
[2010/10/09 10:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
[2010/10/09 10:51:29 | 000,710,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\mozcrt19.dll
[2010/10/09 10:51:29 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
[2010/10/09 10:51:29 | 000,632,280 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nss3.dll
[2010/10/09 10:51:29 | 000,316,888 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssckbi.dll
[2010/10/09 10:51:29 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\freebl3.dll
[2010/10/09 10:51:29 | 000,198,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nspr4.dll
[2010/10/09 10:51:29 | 000,134,616 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\brwsrcmp.dll
[2010/10/09 10:51:29 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssdbm3.dll
[2010/10/09 10:51:29 | 000,087,512 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssutil3.dll
[2010/10/09 10:51:29 | 000,065,496 | ---- | C] (mozilla.org) -- C:\Windows\SysWow64\drivers\f\1\plugins\npnul32.dll
[2010/10/09 10:51:29 | 000,023,000 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\browserdirprovider.dll
[2010/10/09 10:51:29 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plc4.dll
[2010/10/09 10:51:29 | 000,017,368 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plds4.dll
[2010/10/09 10:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
[2010/10/09 10:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
[2010/10/09 10:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
[2010/10/09 10:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
[2010/10/09 10:51:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
[2010/10/09 10:51:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
[2010/10/09 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Malwarebytes
[2010/10/09 10:23:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/09 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/09 10:23:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/09 10:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/09 08:15:47 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\MediaSmart DVD
[2010/10/09 01:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Reflexive
[2010/10/08 23:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2010/10/08 23:59:11 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures The Monkey King
[2010/10/08 23:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures The Monkey King
[2010/10/08 23:58:35 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures Astounding Planet
[2010/10/08 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures Astounding Planet
[2010/10/08 23:58:02 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures - Fractured Fairytales
[2010/10/08 23:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures - Fractured Fairytales
[2010/10/08 23:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures 2
[2010/10/08 23:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures 2
[2010/10/08 17:53:44 | 000,000,000 | ---D | C] -- C:\a7de5374e6ac4e466db96ed94b894779
[2010/10/07 17:01:05 | 000,016,896 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/10/01 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farm Frenzy Gone Fishing
[2010/10/01 08:03:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/01 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/21 22:14:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/21 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/21 21:07:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/21 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/21 21:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/21 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/21 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/21 01:40:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%
[2010/09/21 01:21:55 | 000,000,000 | ---D | C] -- C:\Windows\Mozilla
[2010/09/21 01:21:42 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/09/21 01:21:42 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/09/21 01:21:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/09/21 01:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Farm Fishes
[2010/09/21 01:20:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/09/21 01:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webem
[2010/09/21 01:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alawar
[2010/09/19 19:50:26 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Apple Computer
[2010/09/18 15:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farmers Market
[2010/09/16 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\Yahoo
[2010/09/16 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/09/16 10:34:52 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Yahoo!
[2010/09/16 10:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/09/16 10:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/09/15 16:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom Spooky Splash
[2010/09/15 16:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom H2O Hidden Odyssey
[2010/09/15 16:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom H20 Hidden Odyssey
[2010/09/15 16:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom
[2010/09/15 13:07:16 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/15 13:07:16 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/15 13:07:07 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/09/07 17:12:48 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\ITTNord
[2010/09/07 15:54:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/07 15:54:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/07 15:54:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/07 13:35:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/07 13:30:13 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/09/07 13:29:34 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/09/07 13:29:26 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/09/07 13:29:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/09/07 13:29:12 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/07 13:29:06 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/09/07 13:29:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/09/07 13:29:06 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/09/07 13:29:05 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/09/07 13:29:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/09/07 13:29:04 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/09/07 13:29:03 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/09/07 13:29:03 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/09/07 13:29:03 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/09/07 13:29:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/07 13:29:02 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/09/07 13:29:02 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/09/07 13:29:01 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/09/07 13:29:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/07 13:29:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/09/07 13:29:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/09/07 13:29:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/09/07 13:29:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/09/07 13:29:00 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/09/07 13:28:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/09/07 13:28:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/07 13:28:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/07 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comcast
[2010/09/07 13:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ComcastUI
[2010/09/07 11:06:15 | 000,000,000 | ---D | C] -- C:\Users\Her\Desktop\New Folder (3)
[2010/09/06 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fashion Solitaire 1.2
[2010/09/02 10:19:46 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Template
[2010/08/12 01:35:47 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\Apple Computer
[2010/08/05 12:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDSoft® HDSoftCo@Gmail.com
[2010/08/05 12:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2010/07/31 20:18:28 | 000,000,000 | ---D | C] -- C:\found.000
[2010/07/26 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Her\Documents\Oblivion
[2010/07/26 21:02:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/07/25 14:19:06 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\BBB
[2010/07/25 14:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Last Airbender
[2010/07/17 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010/07/17 21:40:13 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\Oblivion
[2010/07/17 21:40:13 | 000,000,000 | ---D | C] -- C:\Users\Her\Documents\My Games
[2010/07/17 09:42:06 | 000,000,000 | ---D | C] -- C:\Users\Her\Documents\SaveGames
[2010/07/16 15:04:14 | 000,019,256 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\HPMDPCoInst11.dll
[2010/07/16 15:03:48 | 000,043,320 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\Accelerometer.sys
[2010/07/14 19:45:32 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\IsolatedStorage
[2010/04/03 16:19:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Her\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/10/09 11:02:58 | 006,815,744 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT
[2010/10/09 10:53:58 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Her\Desktop\OTL.exe
[2010/10/09 10:51:53 | 000,016,384 | -HS- | M] () -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
[2010/10/09 10:51:46 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/09 10:51:45 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/09 10:49:47 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/09 10:49:46 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 10:49:46 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/09 10:49:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/09 10:49:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/09 10:49:29 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/09 10:48:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/09 10:48:04 | 000,524,288 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/09 10:48:04 | 000,065,536 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/09 10:48:03 | 004,867,790 | -H-- | M] () -- C:\Users\Her\AppData\Local\IconCache.db
[2010/10/09 10:23:08 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/09 09:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/08 23:59:17 | 000,002,051 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures The Monkey King.lnk
[2010/10/08 23:58:41 | 000,002,069 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Astounding Planet.lnk
[2010/10/08 23:58:08 | 000,002,114 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Fractured Fairytales.lnk
[2010/10/08 23:57:29 | 000,001,848 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Vol.2.lnk
[2010/10/08 23:56:24 | 000,002,072 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Deluxe.lnk
[2010/10/07 18:33:30 | 000,211,968 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/07 18:33:30 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/10/07 17:01:05 | 000,016,896 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/10/07 16:50:31 | 478,891,695 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/07 16:41:33 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHer.job
[2010/10/01 16:51:58 | 000,001,075 | ---- | M] () -- C:\Users\Her\Desktop\Farm Frenzy Gone Fishing.lnk
[2010/10/01 08:43:25 | 000,003,234 | ---- | M] () -- C:\Users\Her\Documents\Attach.zip
[2010/10/01 08:01:32 | 000,000,943 | ---- | M] () -- C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 08:00:55 | 000,000,763 | ---- | M] () -- C:\Users\Her\Desktop\NTREGOPT.lnk
[2010/10/01 08:00:55 | 000,000,744 | ---- | M] () -- C:\Users\Her\Desktop\ERUNT.lnk
[2010/09/30 18:16:41 | 000,420,602 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/30 00:49:42 | 000,133,120 | ---- | M] () -- C:\Users\Her\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/23 17:07:46 | 000,003,347 | ---- | M] () -- C:\Users\Her\.recently-used.xbel
[2010/09/23 01:55:40 | 000,419,434 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100930-181641.backup
[2010/09/22 13:42:33 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/22 13:42:33 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/22 13:42:33 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/21 20:56:14 | 000,419,366 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100923-015540.backup
[2010/09/21 18:05:26 | 000,001,404 | ---- | M] () -- C:\Users\Her\AppData\Roaming\wklnhst.dat
[2010/09/21 01:21:38 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/21 01:20:50 | 000,004,286 | ---- | M] () -- C:\Windows\SysWow64\ico.ico
[2010/09/21 01:17:45 | 000,001,738 | ---- | M] () -- C:\Users\Her\Desktop\Alawar Games.lnk
[2010/09/20 18:45:23 | 000,001,041 | ---- | M] () -- C:\Users\Her\AppData\Roaming\vso_ts_preview.xml
[2010/09/19 08:56:26 | 000,000,680 | ---- | M] () -- C:\Users\Her\AppData\Local\d3d9caps.dat
[2010/09/18 15:49:20 | 000,000,945 | ---- | M] () -- C:\Users\Her\Desktop\Farmers Market.lnk
[2010/09/16 10:34:30 | 000,000,996 | ---- | M] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/16 10:34:30 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/15 16:15:11 | 000,001,868 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom (2).lnk
[2010/09/15 16:10:47 | 000,001,043 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom H2O Hidden Odyssey.lnk
[2010/09/15 16:09:53 | 000,000,848 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom.lnk
[2010/09/13 23:35:07 | 000,001,127 | ---- | M] () -- C:\Users\Her\Desktop\Spybot - Search & Destroy.lnk
[2010/09/09 11:56:54 | 000,002,551 | ---- | M] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2010/09/08 11:04:15 | 000,419,188 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100921-205614.backup
[2010/09/07 18:01:39 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2010/09/07 15:19:58 | 000,075,848 | ---- | M] () -- C:\Users\Her\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/07 15:16:49 | 000,314,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/07 13:25:08 | 000,001,637 | ---- | M] () -- C:\Users\Her\Desktop\Paint.lnk
[2010/09/07 13:18:07 | 000,001,757 | ---- | M] () -- C:\Users\Her\Desktop\Windows Defender.lnk
[2010/09/07 13:17:39 | 000,001,661 | ---- | M] () -- C:\Users\Her\Desktop\Windows Update.lnk
[2010/09/07 13:10:39 | 000,002,571 | ---- | M] () -- C:\Users\Public\Desktop\Comcast Desktop Doctor.lnk
[2010/09/07 13:08:18 | 000,000,181 | ---- | M] () -- C:\Users\Her\Desktop\Comcast Security.url
[2010/09/07 13:08:18 | 000,000,175 | ---- | M] () -- C:\Users\Her\Desktop\Comcast Email.url
[2010/09/07 13:08:18 | 000,000,074 | ---- | M] () -- C:\Users\Her\Desktop\Ask Comcast.url
[2010/09/07 13:08:18 | 000,000,054 | ---- | M] () -- C:\Users\Her\Desktop\Comcast Help.url
[2010/08/27 19:11:33 | 000,009,456 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/08/05 13:13:00 | 000,000,072 | ---- | M] () -- C:\Users\Her\Documents\a1.jsf
[2010/08/05 12:27:34 | 000,001,364 | ---- | M] () -- C:\Users\Her\Desktop\Legend of ZELDA,Ocarina of Time.lnk
[2010/07/27 00:17:59 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2010/07/25 14:18:13 | 000,001,886 | ---- | M] () -- C:\Users\Her\Desktop\The Last Airbender.lnk
[2010/07/18 06:11:48 | 000,001,404 | ---- | M] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\BigFishGames_Selection - Shortcut.lnk
[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/16 15:04:14 | 000,019,256 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\HPMDPCoInst11.dll
[2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\hpdskflt.sys
[2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpservice.exe
[2010/07/16 15:03:54 | 000,020,792 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\accelerometerdll.DLL
[2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\Accelerometer.sys
[2010/07/14 20:11:50 | 000,021,416 | ---- | M] () -- C:\Users\Her\Documents\test2.pk
[2010/07/14 20:03:13 | 000,682,969 | ---- | M] () -- C:\Users\Her\Documents\test2.wma
[2010/07/14 20:00:54 | 000,678,479 | ---- | M] () -- C:\Users\Her\Documents\test1.wma

Magnus_Rexel
2010-10-09, 18:49
========== Files Created - No Company Name ==========

[2010/10/09 10:59:55 | 000,002,366 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\pluginreg.dat
[2010/10/09 10:59:54 | 000,070,691 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6280A6A8d01
[2010/10/09 10:59:52 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C2356d01
[2010/10/09 10:52:20 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
[2010/10/09 10:52:19 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
[2010/10/09 10:52:19 | 000,042,833 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
[2010/10/09 10:52:19 | 000,017,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
[2010/10/09 10:52:19 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
[2010/10/09 10:52:19 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
[2010/10/09 10:52:19 | 000,013,685 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
[2010/10/09 10:52:19 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
[2010/10/09 10:51:55 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
[2010/10/09 10:51:51 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
[2010/10/09 10:51:50 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
[2010/10/09 10:51:48 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
[2010/10/09 10:51:48 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
[2010/10/09 10:51:46 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/09 10:51:45 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/09 10:51:33 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
[2010/10/09 10:51:33 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
[2010/10/09 10:51:33 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
[2010/10/09 10:51:33 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
[2010/10/09 10:51:33 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
[2010/10/09 10:51:33 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
[2010/10/09 10:51:33 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
[2010/10/09 10:51:33 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
[2010/10/09 10:51:33 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
[2010/10/09 10:51:33 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
[2010/10/09 10:51:33 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
[2010/10/09 10:51:33 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
[2010/10/09 10:51:33 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
[2010/10/09 10:51:33 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
[2010/10/09 10:51:33 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
[2010/10/09 10:51:33 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
[2010/10/09 10:51:33 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
[2010/10/09 10:51:33 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
[2010/10/09 10:51:33 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
[2010/10/09 10:51:33 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
[2010/10/09 10:51:33 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
[2010/10/09 10:51:33 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
[2010/10/09 10:51:33 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
[2010/10/09 10:51:33 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
[2010/10/09 10:51:33 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
[2010/10/09 10:51:33 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
[2010/10/09 10:51:33 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
[2010/10/09 10:51:33 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
[2010/10/09 10:51:33 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
[2010/10/09 10:51:33 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
[2010/10/09 10:51:33 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
[2010/10/09 10:51:33 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
[2010/10/09 10:51:33 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
[2010/10/09 10:51:33 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
[2010/10/09 10:51:33 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
[2010/10/09 10:51:33 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
[2010/10/09 10:51:33 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
[2010/10/09 10:51:33 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
[2010/10/09 10:51:33 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
[2010/10/09 10:51:33 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
[2010/10/09 10:51:33 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
[2010/10/09 10:51:33 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
[2010/10/09 10:51:33 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
[2010/10/09 10:51:33 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
[2010/10/09 10:51:33 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
[2010/10/09 10:51:33 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
[2010/10/09 10:51:33 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
[2010/10/09 10:51:33 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
[2010/10/09 10:51:33 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
[2010/10/09 10:51:33 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
[2010/10/09 10:51:33 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
[2010/10/09 10:51:33 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
[2010/10/09 10:51:33 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
[2010/10/09 10:51:33 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
[2010/10/09 10:51:33 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
[2010/10/09 10:51:33 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
[2010/10/09 10:51:33 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
[2010/10/09 10:51:33 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
[2010/10/09 10:51:33 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
[2010/10/09 10:51:33 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
[2010/10/09 10:51:33 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
[2010/10/09 10:51:33 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
[2010/10/09 10:51:33 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
[2010/10/09 10:51:33 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
[2010/10/09 10:51:33 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
[2010/10/09 10:51:33 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
[2010/10/09 10:51:33 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
[2010/10/09 10:51:33 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
[2010/10/09 10:51:33 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
[2010/10/09 10:51:33 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
[2010/10/09 10:51:33 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
[2010/10/09 10:51:33 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
[2010/10/09 10:51:33 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
[2010/10/09 10:51:33 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
[2010/10/09 10:51:33 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
[2010/10/09 10:51:33 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
[2010/10/09 10:51:33 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
[2010/10/09 10:51:33 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
[2010/10/09 10:51:33 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
[2010/10/09 10:51:33 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
[2010/10/09 10:51:33 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
[2010/10/09 10:51:33 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
[2010/10/09 10:51:33 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
[2010/10/09 10:51:33 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
[2010/10/09 10:51:33 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
[2010/10/09 10:51:33 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
[2010/10/09 10:51:33 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
[2010/10/09 10:51:33 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
[2010/10/09 10:51:33 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
[2010/10/09 10:51:33 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
[2010/10/09 10:51:33 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
[2010/10/09 10:51:33 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
[2010/10/09 10:51:33 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
[2010/10/09 10:51:33 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
[2010/10/09 10:51:33 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
[2010/10/09 10:51:33 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
[2010/10/09 10:51:33 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
[2010/10/09 10:51:33 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
[2010/10/09 10:51:33 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
[2010/10/09 10:51:33 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
[2010/10/09 10:51:33 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
[2010/10/09 10:51:33 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
[2010/10/09 10:51:33 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
[2010/10/09 10:51:33 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
[2010/10/09 10:51:33 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
[2010/10/09 10:51:33 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
[2010/10/09 10:51:33 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
[2010/10/09 10:51:33 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
[2010/10/09 10:51:33 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
[2010/10/09 10:51:33 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
[2010/10/09 10:51:33 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
[2010/10/09 10:51:33 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
[2010/10/09 10:51:33 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
[2010/10/09 10:51:33 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
[2010/10/09 10:51:33 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
[2010/10/09 10:51:33 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
[2010/10/09 10:51:33 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
[2010/10/09 10:51:33 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
[2010/10/09 10:51:33 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
[2010/10/09 10:51:33 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
[2010/10/09 10:51:33 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
[2010/10/09 10:51:33 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
[2010/10/09 10:51:33 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
[2010/10/09 10:51:33 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
[2010/10/09 10:51:33 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
[2010/10/09 10:51:33 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
[2010/10/09 10:51:33 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
[2010/10/09 10:51:33 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
[2010/10/09 10:51:33 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
[2010/10/09 10:51:33 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
[2010/10/09 10:51:33 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
[2010/10/09 10:51:33 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
[2010/10/09 10:51:33 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
[2010/10/09 10:51:33 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
[2010/10/09 10:51:33 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
[2010/10/09 10:51:33 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
[2010/10/09 10:51:33 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
[2010/10/09 10:51:33 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
[2010/10/09 10:51:33 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
[2010/10/09 10:51:33 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
[2010/10/09 10:51:33 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
[2010/10/09 10:51:33 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
[2010/10/09 10:51:33 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
[2010/10/09 10:51:33 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
[2010/10/09 10:51:33 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
[2010/10/09 10:51:33 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
[2010/10/09 10:51:33 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
[2010/10/09 10:51:33 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
[2010/10/09 10:51:33 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
[2010/10/09 10:51:33 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
[2010/10/09 10:51:33 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
[2010/10/09 10:51:33 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
[2010/10/09 10:51:33 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
[2010/10/09 10:51:33 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
[2010/10/09 10:51:33 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
[2010/10/09 10:51:33 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
[2010/10/09 10:51:33 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
[2010/10/09 10:51:33 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
[2010/10/09 10:51:33 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
[2010/10/09 10:51:32 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
[2010/10/09 10:51:32 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
[2010/10/09 10:51:32 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
[2010/10/09 10:51:32 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
[2010/10/09 10:51:32 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
[2010/10/09 10:51:32 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
[2010/10/09 10:51:32 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
[2010/10/09 10:51:32 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
[2010/10/09 10:51:32 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
[2010/10/09 10:51:32 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
[2010/10/09 10:51:32 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
[2010/10/09 10:51:32 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
[2010/10/09 10:51:32 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
[2010/10/09 10:51:32 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
[2010/10/09 10:51:32 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
[2010/10/09 10:51:32 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
[2010/10/09 10:51:32 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
[2010/10/09 10:51:32 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
[2010/10/09 10:51:32 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
[2010/10/09 10:51:32 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
[2010/10/09 10:51:32 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
[2010/10/09 10:51:32 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
[2010/10/09 10:51:32 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
[2010/10/09 10:51:32 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
[2010/10/09 10:51:32 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
[2010/10/09 10:51:32 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
[2010/10/09 10:51:32 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
[2010/10/09 10:51:32 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
[2010/10/09 10:51:32 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
[2010/10/09 10:51:32 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
[2010/10/09 10:51:32 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/10/09 10:51:32 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
[2010/10/09 10:51:32 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
[2010/10/09 10:51:32 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
[2010/10/09 10:51:32 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
[2010/10/09 10:51:32 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
[2010/10/09 10:51:32 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
[2010/10/09 10:51:32 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
[2010/10/09 10:51:32 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
[2010/10/09 10:51:32 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
[2010/10/09 10:51:32 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
[2010/10/09 10:51:32 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
[2010/10/09 10:51:32 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
[2010/10/09 10:51:32 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
[2010/10/09 10:51:32 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
[2010/10/09 10:51:32 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
[2010/10/09 10:51:32 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
[2010/10/09 10:51:32 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
[2010/10/09 10:51:32 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
[2010/10/09 10:51:32 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
[2010/10/09 10:51:32 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
[2010/10/09 10:51:32 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
[2010/10/09 10:51:32 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
[2010/10/09 10:51:32 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
[2010/10/09 10:51:32 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
[2010/10/09 10:51:32 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
[2010/10/09 10:51:32 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
[2010/10/09 10:51:32 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
[2010/10/09 10:51:32 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
[2010/10/09 10:51:32 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
[2010/10/09 10:51:32 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
[2010/10/09 10:51:32 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
[2010/10/09 10:51:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
[2010/10/09 10:51:32 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
[2010/10/09 10:51:32 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
[2010/10/09 10:51:32 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
[2010/10/09 10:51:32 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
[2010/10/09 10:51:31 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
[2010/10/09 10:51:31 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
[2010/10/09 10:51:31 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
[2010/10/09 10:51:31 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
[2010/10/09 10:51:31 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
[2010/10/09 10:51:31 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
[2010/10/09 10:51:31 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
[2010/10/09 10:51:31 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
[2010/10/09 10:51:31 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
[2010/10/09 10:51:31 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
[2010/10/09 10:51:31 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
[2010/10/09 10:51:31 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
[2010/10/09 10:51:31 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
[2010/10/09 10:51:31 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
[2010/10/09 10:51:31 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
[2010/10/09 10:51:31 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
[2010/10/09 10:51:31 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
[2010/10/09 10:51:31 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
[2010/10/09 10:51:31 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
[2010/10/09 10:51:31 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
[2010/10/09 10:51:31 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
[2010/10/09 10:51:31 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
[2010/10/09 10:51:31 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
[2010/10/09 10:51:31 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
[2010/10/09 10:51:31 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
[2010/10/09 10:51:31 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
[2010/10/09 10:51:30 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
[2010/10/09 10:51:30 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
[2010/10/09 10:51:30 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
[2010/10/09 10:51:30 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
[2010/10/09 10:51:30 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
[2010/10/09 10:51:30 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
[2010/10/09 10:51:30 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/10/09 10:51:30 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
[2010/10/09 10:51:30 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
[2010/10/09 10:51:30 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
[2010/10/09 10:51:30 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
[2010/10/09 10:51:30 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
[2010/10/09 10:51:30 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
[2010/10/09 10:51:30 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
[2010/10/09 10:51:30 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
[2010/10/09 10:51:30 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
[2010/10/09 10:51:30 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
[2010/10/09 10:51:30 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
[2010/10/09 10:51:30 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
[2010/10/09 10:51:30 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
[2010/10/09 10:51:30 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
[2010/10/09 10:51:30 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
[2010/10/09 10:51:30 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
[2010/10/09 10:51:30 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
[2010/10/09 10:51:29 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
[2010/10/09 10:51:29 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
[2010/10/09 10:51:29 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
[2010/10/09 10:23:08 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 23:59:17 | 000,002,051 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures The Monkey King.lnk
[2010/10/08 23:58:41 | 000,002,069 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Astounding Planet.lnk
[2010/10/08 23:58:08 | 000,002,114 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Fractured Fairytales.lnk
[2010/10/08 23:57:28 | 000,001,848 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Vol.2.lnk
[2010/10/08 23:56:24 | 000,002,072 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Deluxe.lnk
[2010/10/01 16:51:58 | 000,001,075 | ---- | C] () -- C:\Users\Her\Desktop\Farm Frenzy Gone Fishing.lnk
[2010/10/01 08:42:10 | 000,003,234 | ---- | C] () -- C:\Users\Her\Documents\Attach.zip
[2010/10/01 08:01:32 | 000,000,943 | ---- | C] () -- C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 08:00:55 | 000,000,763 | ---- | C] () -- C:\Users\Her\Desktop\NTREGOPT.lnk
[2010/10/01 08:00:55 | 000,000,744 | ---- | C] () -- C:\Users\Her\Desktop\ERUNT.lnk
[2010/09/30 23:54:12 | 478,891,695 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/23 17:07:46 | 000,003,347 | ---- | C] () -- C:\Users\Her\.recently-used.xbel
[2010/09/21 01:22:01 | 000,016,384 | -HS- | C] () -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
[2010/09/21 01:21:30 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/21 01:20:50 | 000,004,286 | ---- | C] () -- C:\Windows\SysWow64\ico.ico
[2010/09/21 01:17:44 | 000,001,738 | ---- | C] () -- C:\Users\Her\Desktop\Alawar Games.lnk
[2010/09/18 15:49:19 | 000,000,945 | ---- | C] () -- C:\Users\Her\Desktop\Farmers Market.lnk
[2010/09/16 10:34:30 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/16 10:34:29 | 000,000,996 | ---- | C] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/15 16:15:11 | 000,001,868 | ---- | C] () -- C:\Users\Her\Desktop\Fishdom (2).lnk
[2010/09/15 16:10:46 | 000,001,043 | ---- | C] () -- C:\Users\Her\Desktop\Fishdom H2O Hidden Odyssey.lnk
[2010/09/09 00:22:38 | 002,258,869 | ---- | C] () -- C:\Users\Her\Documents\myPodder User Manual.pdf
[2010/09/07 18:01:39 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2010/09/07 13:31:14 | 000,000,222 | ---- | C] () -- C:\Users\Her\Desktop\Internet Options - Shortcut.lnk
[2010/09/07 13:25:08 | 000,001,637 | ---- | C] () -- C:\Users\Her\Desktop\Paint.lnk
[2010/09/07 13:18:07 | 000,001,757 | ---- | C] () -- C:\Users\Her\Desktop\Windows Defender.lnk
[2010/09/07 13:17:39 | 000,001,661 | ---- | C] () -- C:\Users\Her\Desktop\Windows Update.lnk
[2010/09/07 13:10:39 | 000,002,571 | ---- | C] () -- C:\Users\Public\Desktop\Comcast Desktop Doctor.lnk
[2010/09/07 13:08:18 | 000,000,181 | ---- | C] () -- C:\Users\Her\Desktop\Comcast Security.url
[2010/09/07 13:08:18 | 000,000,175 | ---- | C] () -- C:\Users\Her\Desktop\Comcast Email.url
[2010/09/07 13:08:18 | 000,000,074 | ---- | C] () -- C:\Users\Her\Desktop\Ask Comcast.url
[2010/09/07 13:08:18 | 000,000,054 | ---- | C] () -- C:\Users\Her\Desktop\Comcast Help.url
[2010/09/02 10:19:45 | 000,001,404 | ---- | C] () -- C:\Users\Her\AppData\Roaming\wklnhst.dat
[2010/08/18 19:49:02 | 4024,258,560 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/05 13:13:00 | 000,000,072 | ---- | C] () -- C:\Users\Her\Documents\a1.jsf
[2010/08/05 12:27:34 | 000,001,364 | ---- | C] () -- C:\Users\Her\Desktop\Legend of ZELDA,Ocarina of Time.lnk
[2010/07/27 00:17:58 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2010/07/25 17:25:15 | 000,000,680 | ---- | C] () -- C:\Users\Her\AppData\Local\d3d9caps.dat
[2010/07/25 14:18:12 | 000,001,886 | ---- | C] () -- C:\Users\Her\Desktop\The Last Airbender.lnk
[2010/07/14 20:05:27 | 000,021,416 | ---- | C] () -- C:\Users\Her\Documents\test2.pk
[2010/07/14 20:03:13 | 000,682,969 | ---- | C] () -- C:\Users\Her\Documents\test2.wma
[2010/07/14 20:00:54 | 000,678,479 | ---- | C] () -- C:\Users\Her\Documents\test1.wma
[2010/05/29 03:12:14 | 136,233,564 | ---- | C] () -- C:\Users\Her\AppData\Roaming\The_Heritage_V1.0.4.0.exe
[2010/05/23 22:20:55 | 000,000,306 | ---- | C] () -- C:\Users\Her\AppData\Roaming\bbbconfig.dat
[2010/04/03 16:22:08 | 000,001,041 | ---- | C] () -- C:\Users\Her\AppData\Roaming\vso_ts_preview.xml
[2010/04/03 16:21:22 | 000,000,034 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.log
[2010/04/03 16:19:59 | 000,099,384 | ---- | C] () -- C:\Users\Her\AppData\Roaming\inst.exe
[2010/04/03 16:19:59 | 000,007,859 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.cat
[2010/04/03 16:19:59 | 000,001,167 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.inf
[2010/04/03 13:04:22 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/04/03 13:04:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/03 13:04:18 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/03 13:04:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/03 13:04:17 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010/04/03 13:04:13 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/04/03 13:04:11 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/03 12:55:08 | 000,133,120 | ---- | C] () -- C:\Users\Her\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 02:13:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/03/15 02:12:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/03/11 15:35:41 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/11 15:35:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/11 15:34:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/11 15:34:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/11 15:32:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\QSwitch.txt
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\DSwitch.txt
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\AtStart.txt
[2010/03/11 02:06:01 | 000,000,187 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\SysWow64\MemWarp.dll
[2009/04/08 05:00:37 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/08 04:52:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/08 04:49:44 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/08 04:47:54 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/07/25 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\BBB
[2010/06/23 00:41:52 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Big Fish Games
[2010/06/27 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\blg
[2010/09/06 17:46:31 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Farm Mania 2
[2010/06/26 16:31:55 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\freshgames
[2010/07/08 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\funkitron
[2010/03/19 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Games
[2010/06/11 09:44:50 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\GOA
[2010/09/23 17:07:46 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\gtk-2.0
[2010/09/07 17:12:48 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\ITTNord
[2010/06/26 12:57:21 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\iWin
[2010/09/09 14:07:27 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\LimeWire
[2010/06/22 23:23:00 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Merscom
[2010/05/23 22:20:55 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\MysteryStudio
[2010/06/07 17:39:41 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\NevoSoft Games
[2010/07/04 18:41:55 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\PlayFirst
[2010/09/15 16:37:09 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Playrix Entertainment
[2010/09/02 10:19:46 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Template
[2010/06/27 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Virtual City
[2010/09/20 18:45:23 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Vso
[2010/03/22 19:19:45 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\WildTangent
[2010/10/09 10:48:07 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/08 03:30:32 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2008/08/16 00:49:42 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=ACA311FAC841A06E4A7EF9A0F1C195F8 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22245_none_39ba2410f320cb3a\atapi.sys
[2009/04/08 03:30:31 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:BFC41B39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1023D41
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:2E224648
< End of report >

Magnus_Rexel
2010-10-09, 18:50
OTL Extras logfile created on: 10/9/2010 11:02:43 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Her\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.81 Gb Total Space | 132.37 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive D: | 14.28 Gb Total Space | 2.14 Gb Free Space | 15.02% Space Free | Partition Type: NTFS
Drive E: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HER-PC
Current User Name: Her
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 42 76 B0 A5 ED D0 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Updater Service" = C:\windows\system32\drivers\safesurf.exe -- File not found
"" = C:\\windows\\system32\\drivers\\safesurf.exe:*:Enabled:Updater Service -- (JetSwap)
"C:\Windows\system32\drivers\safesurf.exe" = C:\Windows\system32\drivers\safesurf.exe:*:Enabled:Updater Service Tools -- File not found
"C:\Windows\system32\system\svchost.exe" = C:\Windows\system32\system\svchost.exe:*:Enabled:Updater Service -- File not found
"Updater Service" = C:\windows\system32\drivers\safesurf.exe -- (JetSwap)
"" = C:\\windows\\system32\\drivers\\safesurf.exe:*:Enabled:Updater Service -- (JetSwap)
"C:\Windows\system32\drivers\safesurf.exe" = C:\Windows\system32\drivers\safesurf.exe:*:Enabled:Updater Service Tools -- (JetSwap)
"C:\Windows\system32\system\svchost.exe" = C:\Windows\system32\system\svchost.exe:*:Enabled:Updater Service -- (Micro Software ©)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057ADC8F-DECE-4642-B105-83EF2E658558}" = lport=138 | protocol=17 | dir=in | app=system |
"{08C2DF9A-AA63-47FE-86D1-55069AF44148}" = rport=445 | protocol=6 | dir=out | app=system |
"{138074C0-E703-4C68-BD11-0D39319EB77D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{33D418BB-C910-411F-A24D-4DD22687C85E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{391E95E9-86A4-4CA6-A7A0-9C29EF6FF226}" = rport=138 | protocol=17 | dir=out | app=system |
"{56BC1B86-6A28-4953-88F0-D83378F15C60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72094588-4F19-495B-BA40-BBC692EE28C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{7EBD2035-08F1-4A54-B4C8-A69DBC98AFB6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{878C4EC3-7D44-4EE1-B29A-28B3BBEF1AF8}" = rport=139 | protocol=6 | dir=out | app=system |
"{89BCD1D1-07B6-4EBF-B47E-97C30B59DE88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C3BAA6E-4E20-44AA-9E56-9D4AE62D903A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9D75B8BE-8705-423B-A69F-855F12F5DA9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9F01FC99-FD9B-49BB-ABED-80960B46F4CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA9CF800-B9D6-4A04-8950-2DFEE277F272}" = lport=139 | protocol=6 | dir=in | app=system |
"{BBBBA445-5824-455A-A7B5-31C37248CADD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5F3E77B-BBA2-411C-88CF-F6564CC7C152}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2D190A2-CD4B-4606-9C33-4D9CD42FDD19}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2E781D4-513B-4603-8E98-857EB51627AC}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FF4D69C-1A2E-4110-8F64-2392DAD8A072}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1ADFFDEC-5258-4158-AB43-A23BBAAD4E6E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{2C204CE8-19A7-49B8-AB31-6C3313077DF0}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{38251575-B623-4215-8E20-237E4AFF03EC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{3E88366D-551C-4F76-81CA-13B6854B00D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{3EA1662A-355D-474D-A669-C527200D436F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{5667BE04-1537-4D35-92A3-C7BBF86B2BA7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59E85D43-ED37-41CC-B871-0230C119651D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{5F6A21AD-3D9F-47C7-BF3C-4A3A388B3D01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{69CCE103-3F70-4C1E-9DDC-6D36DECEECAA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{780B153C-478D-4F9F-9785-39E5ADC41F27}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{789A4E18-367D-4081-A7CB-5032FDC27340}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{797996F9-D653-49F6-8C19-D3E77CA8F421}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A0D6560-2280-485F-95D4-AFEAC4198655}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{87BE632F-4CEF-429E-8F2D-CF1C90D3620E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8A599212-986B-45E0-A8D4-CD66ACF21168}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{995DE9AF-28F1-40C8-A312-869884CBB1EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A92E699-A5AA-4323-9315-3789EA95B71D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{A42F1971-498A-4226-9031-A2C2C72EDEF7}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A7B5911D-AD84-4BB9-AA22-B08562DB6803}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{A7C8E8A8-20CD-4044-BC43-9CA6D31712B8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{D46B3A5F-EC6D-4804-8C8D-937971233AC1}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E78EFCF9-FE5B-4B87-8614-E66F6286544F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{EEEAD9B3-1F39-4C5F-A891-8DA5A5B60A31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F482D458-7404-4C61-B98E-E7A25E28F8D8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{F529D461-4EFF-45C7-9FE6-6C28F1ACF2FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{AC9F0D86-3D86-41D0-B5A6-9B8A1FC8268B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{0C6297DA-1500-4908-903F-4A15BCF35EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6E09365C-5085-48BC-B97C-EF8F6D68AF1C}" = Farm Mania 2
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{750B354A-BF46-45E0-86D6-620026703B92}" = Nancy Drew: The Haunted Carousel
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}" = Hoyle Card Games 2005
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F2A2CB3E-C1F4-4594-90C1-00E744BE5B85}" = Mega Sudoku Plus
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"16 Big Fish Games" = 16 Big Fish Games
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Best Buy Digital Music Store" = Best Buy Digital Music Store
"Blood Oath 1.00" = Blood Oath 1.00
"Bookworm Adventures - Fractured Fairytales1.0" = Bookworm Adventures - Fractured Fairytales
"Bookworm Adventures 21.0" = Bookworm Adventures 2
"Bookworm Adventures Astounding Planet1.0" = Bookworm Adventures Astounding Planet
"Bookworm Adventures Deluxe 1.00" = Bookworm Adventures Deluxe 1.00
"Bookworm Adventures The Monkey King1.0" = Bookworm Adventures The Monkey King
"Build a Lot 5 Elizabethan Era1.0" = Build a Lot 5 Elizabethan Era
"Chocolatier % CompanyName%" = Chocolatier % CompanyName%
"Chocolatier 2 - Secret Ingredients % CompanyName%" = Chocolatier 2 - Secret Ingredients % CompanyName%
"Chocolatier Decadence by Design % CompanyName%" = Chocolatier Decadence by Design % CompanyName%
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy" = Cooking Academy
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"ERUNT_is1" = ERUNT 1.1j
"Farm Craft 2 Just For Fun Games" = Farm Craft 2 Just For Fun Games
"Farm Craft1.0.5" = Farm Craft
"Farm Frenzy 3 Russian Roulette 1.0" = Farm Frenzy 3 Russian Roulette 1.0
"Farm Frenzy Gone FishingJust For Fun Games" = Farm Frenzy Gone FishingJust For Fun Games
"Farm Mania1.0" = Farm Mania
"Farmers MarketJust For Fun Games" = Farmers MarketJust For Fun Games
"Fashion Apprentice" = Fashion Apprentice
"Fashion Solitaire1.0" = Fashion Solitaire
"Fishdom" = Fishdom
"Fishdom H2O Hidden OdysseyJust For Fun Games" = Fishdom H2O Hidden OdysseyJust For Fun Games
"FishdomJust For Fun Games" = FishdomJust For Fun Games
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Jewelleria1.0" = Jewelleria
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"Legend of Zelda, The Ocarina of Time 1.10" = Legend of Zelda, The Ocarina of Time 1.10
"LIFE QUEST Final" = LIFE QUEST Final
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"My Life StoryJust For Fun Games" = My Life StoryJust For Fun Games
"MyFreeCodec" = MyFreeCodec
"Mystery P.I. - The Lottery Ticket 1.0.0.5" = Mystery P.I. - The Lottery Ticket 1.0.0.5
"Mystery PI The Vegas Heist 1.00" = Mystery PI The Vegas Heist 1.00
"N360" = Norton Security Suite
"Plantasia Just For Fun Games" = Plantasia Just For Fun Games
"Rachel's RetreatJust For Fun Games" = Rachel's RetreatJust For Fun Games
"Ranch Rush 2 Collectors Edition 1.0" = Ranch Rush 2 Collectors Edition 1.0
"Slingo Quest EgyptJust For Fun Games" = Slingo Quest EgyptJust For Fun Games
"Spa Mania % CompanyName%" = Spa Mania % CompanyName%
"The Last Airbender Just For Fun Games" = The Last Airbender Just For Fun Games
"Tradewinds Caravans1.0" = Tradewinds Caravans
"Tradewinds Odyssey 1.00" = Tradewinds Odyssey 1.00
"Virtual City % CompanyName%" = Virtual City % CompanyName%
"Virtual Villagers 4 The Tree Of Life" = Virtual Villagers 4 The Tree Of Life
"Westward 21.0" = Westward 2
"Westward III Gold Rush1.000" = Westward III Gold Rush
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT016060" = Penguins!
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2010 11:24:01 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:06 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:11 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:16 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:21 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:26 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:31 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:36 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:41 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

Error - 10/9/2010 11:24:46 AM | Computer Name = Her-PC | Source = svchost.exe | ID = 0
Description =

[ System Events ]
Error - 7/6/2010 11:21:39 AM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 5:20:24 PM | Computer Name = Her-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 174.53.66.77 for the Network Card with network
address 0026229A23F5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/6/2010 10:44:22 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 10:44:22 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 10:44:22 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 10:44:22 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 10:52:10 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 10:52:10 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 10:52:10 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328)
disappeared from the system without first being prepared for removal.

Error - 7/6/2010 10:52:10 PM | Computer Name = Her-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.


< End of report >

Magnus_Rexel
2010-10-09, 18:56
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4785

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/9/2010 10:45:50 AM
mbam-log-2010-10-09 (10-45-50).txt

Scan type: Quick scan
Objects scanned: 143625
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ICH.exe (Spyware.Password) -> Quarantined and deleted successfully.

ken545
2010-10-09, 20:17
Hi,

What you have is a bunch of garbage that looks like you got from downloading from Facebook


Zynga Toolbar <--This falls somewhere in the gray area, I would uninstall it via Programs and Features in the Control Panel


Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
[2010/09/21 01:21:42 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/10/07 18:33:30 | 000,211,968 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/07 18:33:30 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/10/07 17:01:05 | 000,016,896 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/09/08 11:04:15 | 000,419,188 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100921-205614.backup

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Updater Service" =-
"C:\Windows\system32\drivers\safesurf.exe" =-

:Services


:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[RESETHOSTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Magnus_Rexel
2010-10-09, 23:58
OK firs off I think something went wrong.

By the way thanks for the help so far. :)

Now. I folled the latest instrutions and at the end of the fix I got this:

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!
Error: Unable to interpret <[RESETHOSTS]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.14.1 log created on 10092010_154903

Files\Folders moved on Reboot...
C:\Users\Her\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Then when it went to reboot it warned mr that task manager was trying to kill some processes and asked me to cancel or wait.
After a few minuits that went away and then all the icons on my desktop vanished like it was going to restart, but it frose all except the mouse.
It sat there froze for over 30 minuits. So I finally held down the power button to do a hard restart.
I got the "start windows normally" and i let it start up.

So once it started up and loaded everything I ran OTL again as instructed and got this:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Process safesurf.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jsafesurf deleted successfully.
C:\Windows\SysWOW64\drivers\safesurf.exe moved successfully.
C:\Windows\SysWOW64\drivers\surfguard.exe moved successfully.
File C:\Windows\SysWow64\drivers\safesurf.exe not found.
File C:\Windows\SysWow64\drivers\surfguard.exe not found.
C:\Windows\SysWOW64\drivers\up.exe moved successfully.
File C:\Windows\SysNative\drivers\etc\hosts.20100921-205614.backup not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\Updater Service not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\system32\drivers\safesurf.exe not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Her
->Temp folder emptied: 32235 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15328111 bytes
->Flash cache emptied: 195830 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96114475 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10092010_162247

Files\Folders moved on Reboot...
C:\Users\Her\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\TMP0000004D261D758781468CE5 not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I don't know if all of this was supposed to get rid of the jetswap, safesurf, safeguard, up.new.exe and up.exe, but they are all still there.

So there you go. Hope this info lets you know something about what is going on and what to do next.

Thanks again.

ken545
2010-10-10, 02:08
Hi. Run OTL and post a new log please

Magnus_Rexel
2010-10-10, 18:43
Wow sorry my spelling was so horrible in my last post. I need to remember not to post while so sleepy after working a double shift.

Anyway I'm not sure what is going on but every time I run OTL and it asks at the end if I want to restart when I say OK I get this blue screen saying something like "something caused a critical task to stop running and windows needs to shut down" and at the bottom it says "dumping physical memory" then it restarts. Then as it is restarting I get the "choose restart option" and "start windows normally" then it takes a long time for windows to start up.

Here is the most recent OTL log.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Process safesurf.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jsafesurf deleted successfully.
C:\Windows\SysWOW64\drivers\safesurf.exe moved successfully.
C:\Windows\SysWOW64\drivers\surfguard.exe moved successfully.
File C:\Windows\SysWow64\drivers\safesurf.exe not found.
File C:\Windows\SysWow64\drivers\surfguard.exe not found.
C:\Windows\SysWOW64\drivers\up.exe moved successfully.
File C:\Windows\SysNative\drivers\etc\hosts.20100921-205614.backup not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\Updater Service not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\system32\drivers\safesurf.exe not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Her
->Temp folder emptied: 33685 bytes
->Temporary Internet Files folder emptied: 67224 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42795504 bytes
->Flash cache emptied: 1459 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91536456 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 128.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10102010_110316

Files\Folders moved on Reboot...
File\Folder C:\Users\Her\AppData\Local\Temp\ehmsas.txt not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ken545
2010-10-10, 18:48
Hi,

Sorry for the confusion, I just wanted you to run OTL ( not the fix ) and post a new log. You don't have to add any of the script you did when you first initially ran it. I just want to see a new log

Magnus_Rexel
2010-10-10, 20:18
Ahh I see.

OK here is the new log. Minimal Output, Past 30 days, No LOP or Purity Check.

OTL logfile created on: 10/10/2010 12:48:47 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Her\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.81 Gb Total Space | 133.74 Gb Free Space | 47.12% Space Free | Partition Type: NTFS
Drive D: | 14.28 Gb Total Space | 2.14 Gb Free Space | 15.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HER-PC
Current User Name: Her
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Her\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Her\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101009.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101009.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101008.002\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/05 11:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/10 15:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 10:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/17 10:18:56 | 000,000,000 | ---D | M]

[2010/05/11 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Extensions
[2010/04/09 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/09 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions
[2010/05/24 12:55:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/09 17:53:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/09/07 17:03:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/11 12:34:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/12 08:12:06 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\personas@christopher.beard
[2010/09/07 15:54:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 15:54:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/10 11:03:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: comcast.com ([activation3] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Her\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Her\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fed85c4-2d46-11df-9324-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2fed85c4-2d46-11df-9324-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{4b80defd-9754-11df-ae0b-0026229a23f5}\Shell\AutoRun\command - "" = H:\podcastready.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 11:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
[2010/10/10 11:12:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
[2010/10/10 11:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
[2010/10/10 11:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
[2010/10/10 11:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
[2010/10/10 11:12:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
[2010/10/10 11:12:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
[2010/10/10 11:12:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
[2010/10/10 11:12:40 | 009,799,128 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xul.dll
[2010/10/10 11:12:40 | 000,710,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\mozcrt19.dll
[2010/10/10 11:12:40 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
[2010/10/10 11:12:40 | 000,632,280 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nss3.dll
[2010/10/10 11:12:40 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
[2010/10/10 11:12:40 | 000,316,888 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssckbi.dll
[2010/10/10 11:12:40 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\freebl3.dll
[2010/10/10 11:12:40 | 000,198,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nspr4.dll
[2010/10/10 11:12:40 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\softokn3.dll
[2010/10/10 11:12:40 | 000,136,664 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\ssl3.dll
[2010/10/10 11:12:40 | 000,103,896 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\smime3.dll
[2010/10/10 11:12:40 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssdbm3.dll
[2010/10/10 11:12:40 | 000,087,512 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssutil3.dll
[2010/10/10 11:12:40 | 000,065,496 | ---- | C] (mozilla.org) -- C:\Windows\SysWow64\drivers\f\1\plugins\npnul32.dll
[2010/10/10 11:12:40 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plc4.dll
[2010/10/10 11:12:40 | 000,017,880 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xpcom.dll
[2010/10/10 11:12:40 | 000,017,368 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plds4.dll
[2010/10/10 11:12:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
[2010/10/10 11:12:39 | 000,134,616 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\brwsrcmp.dll
[2010/10/10 11:12:39 | 000,023,000 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\browserdirprovider.dll
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
[2010/10/10 11:12:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
[2010/10/10 11:03:49 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/10/09 15:48:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/09 10:53:55 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Her\Desktop\OTL.exe
[2010/10/09 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Malwarebytes
[2010/10/09 10:23:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/09 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/09 10:23:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/09 10:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/09 08:15:47 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\MediaSmart DVD
[2010/10/09 01:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Reflexive
[2010/10/08 23:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2010/10/08 23:59:11 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures The Monkey King
[2010/10/08 23:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures The Monkey King
[2010/10/08 23:58:35 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures Astounding Planet
[2010/10/08 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures Astounding Planet
[2010/10/08 23:58:02 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures - Fractured Fairytales
[2010/10/08 23:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures - Fractured Fairytales
[2010/10/08 23:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures 2
[2010/10/08 23:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures 2
[2010/10/08 17:53:44 | 000,000,000 | ---D | C] -- C:\a7de5374e6ac4e466db96ed94b894779
[2010/10/01 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farm Frenzy Gone Fishing
[2010/10/01 08:03:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/01 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/21 22:14:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/21 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/21 21:07:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/21 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/21 21:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/21 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/21 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/21 01:40:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%
[2010/09/21 01:21:55 | 000,000,000 | ---D | C] -- C:\Windows\Mozilla
[2010/09/21 01:21:42 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/09/21 01:21:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/09/21 01:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Farm Fishes
[2010/09/21 01:20:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/09/21 01:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webem
[2010/09/21 01:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alawar
[2010/09/19 19:50:26 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Apple Computer
[2010/09/18 15:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farmers Market
[2010/09/16 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\Yahoo
[2010/09/16 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/09/16 10:34:52 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Yahoo!
[2010/09/16 10:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/09/16 10:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/09/15 16:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom Spooky Splash
[2010/09/15 16:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom H2O Hidden Odyssey
[2010/09/15 16:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom H20 Hidden Odyssey
[2010/09/15 16:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom
[2010/09/15 13:07:16 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/15 13:07:16 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/15 13:07:07 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/04/03 16:19:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Her\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/10/10 12:49:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/10 12:48:44 | 006,815,744 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT
[2010/10/10 11:49:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/10 11:13:16 | 000,016,384 | -HS- | M] () -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
[2010/10/10 11:13:01 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/10 11:13:00 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/10 11:10:33 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 11:10:32 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 11:10:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/10 11:10:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/10 11:10:16 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/10 11:05:48 | 731,324,207 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/10 11:03:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/10 11:03:52 | 000,065,536 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/10 11:03:51 | 000,524,288 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/10 11:03:49 | 004,889,440 | -H-- | M] () -- C:\Users\Her\AppData\Local\IconCache.db
[2010/10/10 11:03:44 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/10 00:59:13 | 000,132,608 | ---- | M] () -- C:\Users\Her\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/09 10:53:58 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Her\Desktop\OTL.exe
[2010/10/09 10:23:08 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 23:59:17 | 000,002,051 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures The Monkey King.lnk
[2010/10/08 23:58:41 | 000,002,069 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Astounding Planet.lnk
[2010/10/08 23:58:08 | 000,002,114 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Fractured Fairytales.lnk
[2010/10/08 23:57:29 | 000,001,848 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Vol.2.lnk
[2010/10/08 23:56:24 | 000,002,072 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Deluxe.lnk
[2010/10/07 18:33:30 | 000,211,968 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/07 18:33:30 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/10/07 16:41:33 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHer.job
[2010/10/01 16:51:58 | 000,001,075 | ---- | M] () -- C:\Users\Her\Desktop\Farm Frenzy Gone Fishing.lnk
[2010/10/01 08:43:25 | 000,003,234 | ---- | M] () -- C:\Users\Her\Documents\Attach.zip
[2010/10/01 08:01:32 | 000,000,943 | ---- | M] () -- C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 08:00:55 | 000,000,763 | ---- | M] () -- C:\Users\Her\Desktop\NTREGOPT.lnk
[2010/10/01 08:00:55 | 000,000,744 | ---- | M] () -- C:\Users\Her\Desktop\ERUNT.lnk
[2010/09/23 17:07:46 | 000,003,347 | ---- | M] () -- C:\Users\Her\.recently-used.xbel
[2010/09/23 01:55:40 | 000,419,434 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100930-181641.backup
[2010/09/22 13:42:33 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/22 13:42:33 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/22 13:42:33 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/21 20:56:14 | 000,419,366 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100923-015540.backup
[2010/09/21 18:05:26 | 000,001,404 | ---- | M] () -- C:\Users\Her\AppData\Roaming\wklnhst.dat
[2010/09/21 01:21:38 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/21 01:20:50 | 000,004,286 | ---- | M] () -- C:\Windows\SysWow64\ico.ico
[2010/09/21 01:17:45 | 000,001,738 | ---- | M] () -- C:\Users\Her\Desktop\Alawar Games.lnk
[2010/09/20 18:45:23 | 000,001,041 | ---- | M] () -- C:\Users\Her\AppData\Roaming\vso_ts_preview.xml
[2010/09/19 08:56:26 | 000,000,680 | ---- | M] () -- C:\Users\Her\AppData\Local\d3d9caps.dat
[2010/09/18 15:49:20 | 000,000,945 | ---- | M] () -- C:\Users\Her\Desktop\Farmers Market.lnk
[2010/09/16 10:34:30 | 000,000,996 | ---- | M] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/16 10:34:30 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/15 16:15:11 | 000,001,868 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom (2).lnk
[2010/09/15 16:10:47 | 000,001,043 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom H2O Hidden Odyssey.lnk
[2010/09/15 16:09:53 | 000,000,848 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom.lnk
[2010/09/13 23:35:07 | 000,001,127 | ---- | M] () -- C:\Users\Her\Desktop\Spybot - Search & Destroy.lnk

Magnus_Rexel
2010-10-10, 20:18
========== Files Created - No Company Name ==========

[2010/10/10 12:24:17 | 000,066,541 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\523C1183d01
[2010/10/10 12:24:08 | 000,021,715 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\52511183d01
[2010/10/10 12:23:51 | 000,033,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\52501183d01
[2010/10/10 12:23:44 | 000,018,781 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\52461183d01
[2010/10/10 12:23:39 | 000,040,149 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F0920FABd01
[2010/10/10 12:23:34 | 000,035,899 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\234B06F1d01
[2010/10/10 12:23:10 | 000,062,999 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FA7C91AAd01
[2010/10/10 12:23:02 | 000,033,118 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\57C46313d01
[2010/10/10 12:22:53 | 000,036,064 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\105D09C7d01
[2010/10/10 12:11:46 | 000,031,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\75A97AAFd01
[2010/10/10 12:11:46 | 000,019,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7CE02616d01
[2010/10/10 12:11:45 | 000,022,622 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5F9659FEd01
[2010/10/10 12:11:44 | 000,199,801 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\560A9114d01
[2010/10/10 12:11:43 | 000,072,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3CC6FF20d01
[2010/10/10 12:11:43 | 000,031,544 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\830849E5d01
[2010/10/10 11:47:16 | 000,026,577 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F873460Dd01
[2010/10/10 11:47:16 | 000,026,113 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9873460Ed01
[2010/10/10 11:47:16 | 000,026,038 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B873460Dd01
[2010/10/10 11:47:16 | 000,025,769 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D873460Dd01
[2010/10/10 11:47:16 | 000,024,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0873460Dd01
[2010/10/10 11:47:16 | 000,022,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E873460Dd01
[2010/10/10 11:47:16 | 000,022,017 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C873460Dd01
[2010/10/10 11:47:16 | 000,017,141 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1873460Dd01
[2010/10/10 11:47:15 | 000,048,158 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D873460Cd01
[2010/10/10 11:47:15 | 000,040,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C873460Cd01
[2010/10/10 11:47:15 | 000,028,529 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B873460Cd01
[2010/10/10 11:47:15 | 000,028,191 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F873460Cd01
[2010/10/10 11:47:15 | 000,027,394 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8873460Dd01
[2010/10/10 11:47:15 | 000,027,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E873460Cd01
[2010/10/10 11:47:15 | 000,024,640 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A873460Dd01
[2010/10/10 11:47:15 | 000,023,548 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9873460Dd01
[2010/10/10 11:47:15 | 000,023,197 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0873460Cd01
[2010/10/10 11:47:14 | 000,046,559 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A873460Cd01
[2010/10/10 11:47:14 | 000,046,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8873460Cd01
[2010/10/10 11:47:14 | 000,026,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1873460Cd01
[2010/10/10 11:47:13 | 000,046,752 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B873460Bd01
[2010/10/10 11:47:13 | 000,046,202 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D873460Bd01
[2010/10/10 11:47:13 | 000,044,614 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F873460Bd01
[2010/10/10 11:47:13 | 000,044,545 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C873460Bd01
[2010/10/10 11:47:13 | 000,044,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9873460Bd01
[2010/10/10 11:47:13 | 000,044,194 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A873460Bd01
[2010/10/10 11:47:13 | 000,043,629 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0873460Bd01
[2010/10/10 11:47:13 | 000,041,313 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E873460Bd01
[2010/10/10 11:47:13 | 000,038,323 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9873460Cd01
[2010/10/10 11:47:13 | 000,036,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1873460Bd01
[2010/10/10 11:47:13 | 000,027,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8873460Bd01
[2010/10/10 11:47:12 | 000,046,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F873460Ad01
[2010/10/10 11:47:12 | 000,045,128 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C873460Ad01
[2010/10/10 11:47:12 | 000,043,697 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E873460Ad01
[2010/10/10 11:47:12 | 000,042,716 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A873460Ad01
[2010/10/10 11:47:12 | 000,041,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1873460Ad01
[2010/10/10 11:47:12 | 000,041,581 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8873460Ad01
[2010/10/10 11:47:12 | 000,040,917 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0873460Ad01
[2010/10/10 11:47:12 | 000,037,023 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D873460Ad01
[2010/10/10 11:47:12 | 000,035,783 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B873460Ad01
[2010/10/10 11:47:12 | 000,028,523 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9873460Ad01
[2010/10/10 11:47:11 | 000,048,982 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F8734609d01
[2010/10/10 11:47:11 | 000,044,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F42F11D1d01
[2010/10/10 11:47:11 | 000,044,221 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\08734609d01
[2010/10/10 11:47:11 | 000,043,375 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E8734609d01
[2010/10/10 11:47:11 | 000,042,559 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\18734609d01
[2010/10/10 11:47:11 | 000,027,415 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D8734609d01
[2010/10/10 11:47:11 | 000,027,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C8734609d01
[2010/10/10 11:47:11 | 000,026,482 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B8734609d01
[2010/10/10 11:47:11 | 000,024,318 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\88734609d01
[2010/10/10 11:47:11 | 000,023,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A8734609d01
[2010/10/10 11:47:10 | 000,046,847 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98734609d01
[2010/10/10 11:47:10 | 000,043,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\142F11D1d01
[2010/10/10 11:47:10 | 000,043,186 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C42F11D1d01
[2010/10/10 11:47:10 | 000,034,867 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E42F11D1d01
[2010/10/10 11:47:10 | 000,027,507 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\842F11D1d01
[2010/10/10 11:47:10 | 000,026,195 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A42F11D1d01
[2010/10/10 11:47:10 | 000,025,015 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B42F11D1d01
[2010/10/10 11:47:10 | 000,020,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D42F11D1d01
[2010/10/10 11:47:07 | 000,046,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\042F3FB1d01
[2010/10/10 11:47:07 | 000,038,061 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F871E60Bd01
[2010/10/10 11:47:07 | 000,030,228 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C2E68C9Dd01
[2010/10/10 11:47:07 | 000,026,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E42FEA51d01
[2010/10/10 11:47:07 | 000,026,355 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D877A609d01
[2010/10/10 11:47:07 | 000,026,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8877A509d01
[2010/10/10 11:47:07 | 000,024,476 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\842F4E91d01
[2010/10/10 11:47:06 | 000,044,171 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\042F11D1d01
[2010/10/10 11:47:06 | 000,042,890 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F42F3F81d01
[2010/10/10 11:47:06 | 000,033,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B42FF9A1d01
[2010/10/10 11:47:06 | 000,031,541 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E4EA4663d01
[2010/10/10 11:47:06 | 000,029,953 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E42FFE81d01
[2010/10/10 11:47:06 | 000,028,942 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3AF49674d01
[2010/10/10 11:47:06 | 000,026,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B87CA50Ad01
[2010/10/10 11:47:06 | 000,024,591 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\842F4ED1d01
[2010/10/10 11:47:06 | 000,023,633 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E87CB009d01
[2010/10/10 11:47:06 | 000,022,839 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E4EAD7A3d01
[2010/10/10 11:47:06 | 000,022,010 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\842F6E41d01
[2010/10/10 11:47:06 | 000,020,794 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E4EAB653d01
[2010/10/10 11:47:02 | 000,035,935 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6AD541BEd01
[2010/10/10 11:47:01 | 000,030,279 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3689F6D2d01
[2010/10/10 11:47:01 | 000,025,885 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\34B09D01d01
[2010/10/10 11:46:50 | 000,022,500 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\59D0BAD7d01
[2010/10/10 11:46:50 | 000,020,455 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\209C704Bd01
[2010/10/10 11:46:50 | 000,018,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\57925842d01
[2010/10/10 11:46:50 | 000,017,865 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\78F6DC3Cd01
[2010/10/10 11:46:49 | 000,140,878 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5FAD1E82d01
[2010/10/10 11:46:48 | 000,022,487 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3B3679F0d01
[2010/10/10 11:46:44 | 000,020,717 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\97E4B5E0d01
[2010/10/10 11:46:43 | 000,020,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\27A7D51Ed01
[2010/10/10 11:46:43 | 000,017,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3F84F1A5d01
[2010/10/10 11:46:42 | 000,020,918 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F3BFED99d01
[2010/10/10 11:46:38 | 000,042,692 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\86C54AB2d01
[2010/10/10 11:46:38 | 000,035,266 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F5A8ECCBd01
[2010/10/10 11:46:36 | 000,018,219 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1467657Dd01
[2010/10/10 11:46:36 | 000,016,987 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D68317C5d01
[2010/10/10 11:46:35 | 000,256,885 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7C224D60d01
[2010/10/10 11:46:35 | 000,022,207 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C23D28F0d01
[2010/10/10 11:30:20 | 000,057,554 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\25ED82B9d01
[2010/10/10 11:30:19 | 000,031,661 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0040CC2Ed01
[2010/10/10 11:30:17 | 000,025,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7BD6A121d01
[2010/10/10 11:30:15 | 000,027,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A5550A69d01
[2010/10/10 11:30:14 | 000,049,333 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F30165F2d01
[2010/10/10 11:30:13 | 000,038,735 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\69E68C1Ad01
[2010/10/10 11:30:11 | 000,021,717 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F220A227d01
[2010/10/10 11:30:11 | 000,018,450 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\67730707d01
[2010/10/10 11:30:10 | 000,047,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1A983E42d01
[2010/10/10 11:30:06 | 000,024,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E8E246EAd01
[2010/10/10 11:30:03 | 000,029,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3D766EDBd01
[2010/10/10 11:29:58 | 000,057,554 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D3E0D5DCd01
[2010/10/10 11:29:52 | 000,057,254 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\13E03FCDd01
[2010/10/10 11:29:52 | 000,033,269 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4F5FA262d01
[2010/10/10 11:29:19 | 000,002,366 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\pluginreg.dat
[2010/10/10 11:14:02 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
[2010/10/10 11:14:01 | 001,752,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
[2010/10/10 11:14:01 | 000,683,135 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
[2010/10/10 11:14:01 | 000,585,374 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
[2010/10/10 11:14:01 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
[2010/10/10 11:14:01 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
[2010/10/10 11:14:01 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
[2010/10/10 11:14:01 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
[2010/10/10 11:13:15 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
[2010/10/10 11:13:13 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
[2010/10/10 11:13:11 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
[2010/10/10 11:13:06 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
[2010/10/10 11:13:06 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
[2010/10/10 11:13:01 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/10 11:13:00 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/10 11:12:44 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
[2010/10/10 11:12:44 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
[2010/10/10 11:12:44 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
[2010/10/10 11:12:44 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
[2010/10/10 11:12:44 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
[2010/10/10 11:12:44 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
[2010/10/10 11:12:44 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
[2010/10/10 11:12:44 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
[2010/10/10 11:12:44 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
[2010/10/10 11:12:44 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
[2010/10/10 11:12:44 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
[2010/10/10 11:12:44 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
[2010/10/10 11:12:44 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
[2010/10/10 11:12:44 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
[2010/10/10 11:12:44 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
[2010/10/10 11:12:44 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
[2010/10/10 11:12:44 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
[2010/10/10 11:12:44 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
[2010/10/10 11:12:44 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
[2010/10/10 11:12:44 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
[2010/10/10 11:12:44 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
[2010/10/10 11:12:44 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
[2010/10/10 11:12:44 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
[2010/10/10 11:12:44 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
[2010/10/10 11:12:44 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
[2010/10/10 11:12:44 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
[2010/10/10 11:12:44 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
[2010/10/10 11:12:44 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
[2010/10/10 11:12:44 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
[2010/10/10 11:12:44 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
[2010/10/10 11:12:44 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
[2010/10/10 11:12:44 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
[2010/10/10 11:12:44 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
[2010/10/10 11:12:44 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
[2010/10/10 11:12:44 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
[2010/10/10 11:12:44 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
[2010/10/10 11:12:44 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
[2010/10/10 11:12:44 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
[2010/10/10 11:12:44 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
[2010/10/10 11:12:44 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
[2010/10/10 11:12:44 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
[2010/10/10 11:12:44 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
[2010/10/10 11:12:44 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
[2010/10/10 11:12:44 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
[2010/10/10 11:12:44 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
[2010/10/10 11:12:44 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
[2010/10/10 11:12:44 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
[2010/10/10 11:12:44 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
[2010/10/10 11:12:44 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
[2010/10/10 11:12:44 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
[2010/10/10 11:12:44 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
[2010/10/10 11:12:44 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
[2010/10/10 11:12:44 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
[2010/10/10 11:12:44 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
[2010/10/10 11:12:44 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
[2010/10/10 11:12:44 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
[2010/10/10 11:12:44 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
[2010/10/10 11:12:44 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
[2010/10/10 11:12:44 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
[2010/10/10 11:12:44 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
[2010/10/10 11:12:44 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
[2010/10/10 11:12:44 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
[2010/10/10 11:12:44 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
[2010/10/10 11:12:44 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
[2010/10/10 11:12:44 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
[2010/10/10 11:12:44 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
[2010/10/10 11:12:44 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
[2010/10/10 11:12:44 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
[2010/10/10 11:12:44 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
[2010/10/10 11:12:44 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
[2010/10/10 11:12:44 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
[2010/10/10 11:12:44 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
[2010/10/10 11:12:44 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
[2010/10/10 11:12:44 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
[2010/10/10 11:12:44 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
[2010/10/10 11:12:44 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
[2010/10/10 11:12:44 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
[2010/10/10 11:12:44 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
[2010/10/10 11:12:44 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
[2010/10/10 11:12:44 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
[2010/10/10 11:12:44 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
[2010/10/10 11:12:44 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
[2010/10/10 11:12:44 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
[2010/10/10 11:12:44 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
[2010/10/10 11:12:44 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
[2010/10/10 11:12:44 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
[2010/10/10 11:12:44 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
[2010/10/10 11:12:44 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
[2010/10/10 11:12:44 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
[2010/10/10 11:12:44 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
[2010/10/10 11:12:44 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
[2010/10/10 11:12:44 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
[2010/10/10 11:12:44 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
[2010/10/10 11:12:44 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
[2010/10/10 11:12:44 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
[2010/10/10 11:12:44 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
[2010/10/10 11:12:44 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
[2010/10/10 11:12:44 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
[2010/10/10 11:12:44 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
[2010/10/10 11:12:44 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
[2010/10/10 11:12:44 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
[2010/10/10 11:12:44 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
[2010/10/10 11:12:44 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
[2010/10/10 11:12:44 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
[2010/10/10 11:12:44 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
[2010/10/10 11:12:44 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
[2010/10/10 11:12:44 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
[2010/10/10 11:12:44 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
[2010/10/10 11:12:44 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
[2010/10/10 11:12:44 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
[2010/10/10 11:12:44 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
[2010/10/10 11:12:44 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
[2010/10/10 11:12:44 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
[2010/10/10 11:12:44 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
[2010/10/10 11:12:44 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
[2010/10/10 11:12:44 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
[2010/10/10 11:12:44 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
[2010/10/10 11:12:44 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
[2010/10/10 11:12:44 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
[2010/10/10 11:12:44 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
[2010/10/10 11:12:44 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
[2010/10/10 11:12:44 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
[2010/10/10 11:12:44 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
[2010/10/10 11:12:44 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
[2010/10/10 11:12:44 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
[2010/10/10 11:12:44 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
[2010/10/10 11:12:44 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
[2010/10/10 11:12:44 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
[2010/10/10 11:12:44 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
[2010/10/10 11:12:44 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
[2010/10/10 11:12:44 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
[2010/10/10 11:12:44 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
[2010/10/10 11:12:44 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
[2010/10/10 11:12:44 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
[2010/10/10 11:12:44 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
[2010/10/10 11:12:44 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
[2010/10/10 11:12:44 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
[2010/10/10 11:12:44 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
[2010/10/10 11:12:44 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
[2010/10/10 11:12:44 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
[2010/10/10 11:12:44 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
[2010/10/10 11:12:44 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
[2010/10/10 11:12:44 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
[2010/10/10 11:12:44 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
[2010/10/10 11:12:44 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
[2010/10/10 11:12:43 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
[2010/10/10 11:12:43 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
[2010/10/10 11:12:43 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
[2010/10/10 11:12:43 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
[2010/10/10 11:12:43 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
[2010/10/10 11:12:43 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
[2010/10/10 11:12:43 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
[2010/10/10 11:12:43 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
[2010/10/10 11:12:43 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
[2010/10/10 11:12:43 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
[2010/10/10 11:12:43 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
[2010/10/10 11:12:43 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
[2010/10/10 11:12:43 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
[2010/10/10 11:12:43 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
[2010/10/10 11:12:43 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
[2010/10/10 11:12:43 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
[2010/10/10 11:12:43 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
[2010/10/10 11:12:43 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
[2010/10/10 11:12:43 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
[2010/10/10 11:12:43 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
[2010/10/10 11:12:43 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
[2010/10/10 11:12:43 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
[2010/10/10 11:12:43 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
[2010/10/10 11:12:43 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
[2010/10/10 11:12:43 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
[2010/10/10 11:12:43 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
[2010/10/10 11:12:43 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
[2010/10/10 11:12:43 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
[2010/10/10 11:12:43 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
[2010/10/10 11:12:43 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
[2010/10/10 11:12:43 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
[2010/10/10 11:12:43 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/10/10 11:12:43 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
[2010/10/10 11:12:43 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
[2010/10/10 11:12:43 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
[2010/10/10 11:12:43 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
[2010/10/10 11:12:43 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
[2010/10/10 11:12:43 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
[2010/10/10 11:12:43 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
[2010/10/10 11:12:43 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
[2010/10/10 11:12:43 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
[2010/10/10 11:12:43 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
[2010/10/10 11:12:43 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
[2010/10/10 11:12:43 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
[2010/10/10 11:12:43 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
[2010/10/10 11:12:43 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
[2010/10/10 11:12:43 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
[2010/10/10 11:12:43 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
[2010/10/10 11:12:43 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
[2010/10/10 11:12:43 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
[2010/10/10 11:12:43 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
[2010/10/10 11:12:43 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
[2010/10/10 11:12:43 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
[2010/10/10 11:12:43 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
[2010/10/10 11:12:43 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
[2010/10/10 11:12:43 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
[2010/10/10 11:12:43 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
[2010/10/10 11:12:43 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
[2010/10/10 11:12:43 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
[2010/10/10 11:12:43 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
[2010/10/10 11:12:43 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
[2010/10/10 11:12:43 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
[2010/10/10 11:12:43 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
[2010/10/10 11:12:43 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
[2010/10/10 11:12:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
[2010/10/10 11:12:43 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
[2010/10/10 11:12:43 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
[2010/10/10 11:12:43 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
[2010/10/10 11:12:43 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
[2010/10/10 11:12:42 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
[2010/10/10 11:12:42 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
[2010/10/10 11:12:42 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
[2010/10/10 11:12:42 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
[2010/10/10 11:12:42 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
[2010/10/10 11:12:42 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
[2010/10/10 11:12:42 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
[2010/10/10 11:12:42 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
[2010/10/10 11:12:42 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
[2010/10/10 11:12:42 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
[2010/10/10 11:12:42 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
[2010/10/10 11:12:42 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
[2010/10/10 11:12:42 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
[2010/10/10 11:12:42 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
[2010/10/10 11:12:42 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
[2010/10/10 11:12:42 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
[2010/10/10 11:12:42 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
[2010/10/10 11:12:42 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
[2010/10/10 11:12:42 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
[2010/10/10 11:12:42 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
[2010/10/10 11:12:42 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
[2010/10/10 11:12:42 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
[2010/10/10 11:12:42 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
[2010/10/10 11:12:42 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
[2010/10/10 11:12:42 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
[2010/10/10 11:12:42 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
[2010/10/10 11:12:41 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
[2010/10/10 11:12:41 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
[2010/10/10 11:12:41 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
[2010/10/10 11:12:41 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
[2010/10/10 11:12:41 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
[2010/10/10 11:12:41 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
[2010/10/10 11:12:41 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/10/10 11:12:41 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
[2010/10/10 11:12:41 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
[2010/10/10 11:12:41 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
[2010/10/10 11:12:41 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
[2010/10/10 11:12:41 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
[2010/10/10 11:12:41 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
[2010/10/10 11:12:41 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
[2010/10/10 11:12:41 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
[2010/10/10 11:12:41 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
[2010/10/10 11:12:41 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
[2010/10/10 11:12:41 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
[2010/10/10 11:12:41 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
[2010/10/10 11:12:41 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
[2010/10/10 11:12:41 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
[2010/10/10 11:12:41 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
[2010/10/10 11:12:41 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
[2010/10/10 11:12:41 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
[2010/10/10 11:12:40 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
[2010/10/10 11:12:39 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
[2010/10/10 11:12:39 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
[2010/10/09 10:23:08 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 23:59:17 | 000,002,051 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures The Monkey King.lnk
[2010/10/08 23:58:41 | 000,002,069 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Astounding Planet.lnk
[2010/10/08 23:58:08 | 000,002,114 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Fractured Fairytales.lnk
[2010/10/08 23:57:28 | 000,001,848 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Vol.2.lnk
[2010/10/08 23:56:24 | 000,002,072 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Deluxe.lnk
[2010/10/01 16:51:58 | 000,001,075 | ---- | C] () -- C:\Users\Her\Desktop\Farm Frenzy Gone Fishing.lnk
[2010/10/01 08:42:10 | 000,003,234 | ---- | C] () -- C:\Users\Her\Documents\Attach.zip
[2010/10/01 08:01:32 | 000,000,943 | ---- | C] () -- C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 08:00:55 | 000,000,763 | ---- | C] () -- C:\Users\Her\Desktop\NTREGOPT.lnk
[2010/10/01 08:00:55 | 000,000,744 | ---- | C] () -- C:\Users\Her\Desktop\ERUNT.lnk
[2010/09/30 23:54:12 | 731,324,207 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/23 17:07:46 | 000,003,347 | ---- | C] () -- C:\Users\Her\.recently-used.xbel
[2010/09/21 01:22:01 | 000,016,384 | -HS- | C] () -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
[2010/09/21 01:21:30 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/21 01:20:50 | 000,004,286 | ---- | C] () -- C:\Windows\SysWow64\ico.ico
[2010/09/21 01:17:44 | 000,001,738 | ---- | C] () -- C:\Users\Her\Desktop\Alawar Games.lnk
[2010/09/18 15:49:19 | 000,000,945 | ---- | C] () -- C:\Users\Her\Desktop\Farmers Market.lnk
[2010/09/16 10:34:30 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/16 10:34:29 | 000,000,996 | ---- | C] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/15 16:15:11 | 000,001,868 | ---- | C] () -- C:\Users\Her\Desktop\Fishdom (2).lnk
[2010/09/15 16:10:46 | 000,001,043 | ---- | C] () -- C:\Users\Her\Desktop\Fishdom H2O Hidden Odyssey.lnk
[2010/09/02 10:19:45 | 000,001,404 | ---- | C] () -- C:\Users\Her\AppData\Roaming\wklnhst.dat
[2010/07/25 17:25:15 | 000,000,680 | ---- | C] () -- C:\Users\Her\AppData\Local\d3d9caps.dat
[2010/05/29 03:12:14 | 136,233,564 | ---- | C] () -- C:\Users\Her\AppData\Roaming\The_Heritage_V1.0.4.0.exe
[2010/05/23 22:20:55 | 000,000,306 | ---- | C] () -- C:\Users\Her\AppData\Roaming\bbbconfig.dat
[2010/04/03 16:22:08 | 000,001,041 | ---- | C] () -- C:\Users\Her\AppData\Roaming\vso_ts_preview.xml
[2010/04/03 16:21:22 | 000,000,034 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.log
[2010/04/03 16:19:59 | 000,099,384 | ---- | C] () -- C:\Users\Her\AppData\Roaming\inst.exe
[2010/04/03 16:19:59 | 000,007,859 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.cat
[2010/04/03 16:19:59 | 000,001,167 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.inf
[2010/04/03 13:04:22 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/04/03 13:04:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/03 13:04:18 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/03 13:04:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/03 13:04:17 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010/04/03 13:04:13 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/04/03 13:04:11 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/03 12:55:08 | 000,132,608 | ---- | C] () -- C:\Users\Her\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 02:13:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/03/15 02:12:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/03/11 15:35:41 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/11 15:35:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/11 15:34:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/11 15:34:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/11 15:32:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\QSwitch.txt
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\DSwitch.txt
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\AtStart.txt
[2010/03/11 02:06:01 | 000,000,187 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\SysWow64\MemWarp.dll
[2009/04/08 05:00:37 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/08 04:52:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/08 04:49:44 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/08 04:47:54 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:BFC41B39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1023D41
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:2E224648
< End of report >

ken545
2010-10-10, 21:08
We got most of it, lets run another script, post the log the fix creates, then run OTL without the fix and post a new log please

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)

:Files
C:\Windows\SysWOW64\drivers\safesurf.exe
C:\Windows\SysWow64\drivers\surfguard.exe

:Services
safesurf.exe
surfguard.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Magnus_Rexel
2010-10-11, 14:28
Here is the log from the fix:

All processes killed
========== OTL ==========
No active process named Explorer.EXE was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jsafesurf deleted successfully.
C:\Windows\SysWOW64\drivers\safesurf.exe moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysWOW64\drivers\safesurf.exe not found.
C:\Windows\SysWow64\drivers\surfguard.exe moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named safesurf.exe was found to stop!
Service\Driver key safesurf.exe not found.
Error: No service named surfguard.exe was found to stop!
Service\Driver key surfguard.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Her
->Temp folder emptied: 5421896 bytes
->Temporary Internet Files folder emptied: 61101624 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43763732 bytes
->Flash cache emptied: 1321 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92103591 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 193.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10112010_070129

Files\Folders moved on Reboot...
C:\Users\Her\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\TMP000000368DF978197B337E98 not found!

Registry entries deleted on Reboot...


Here is the log from the scan:

OTL logfile created on: 10/11/2010 7:15:31 AM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Her\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.81 Gb Total Space | 132.78 Gb Free Space | 46.79% Space Free | Partition Type: NTFS
Drive D: | 14.28 Gb Total Space | 2.14 Gb Free Space | 15.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HER-PC
Current User Name: Her
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
PRC - C:\Users\Her\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Windows\SysWOW64\system\svchost.exe (Micro Software ©)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Her\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101010.003\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101010.003\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101008.002\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en&source=hp&btnG=Google+Search"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/06/05 11:01:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/10 15:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 10:18:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/17 10:18:56 | 000,000,000 | ---D | M]

[2010/05/11 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Extensions
[2010/04/09 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/10 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions
[2010/05/24 12:55:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/09 17:53:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/09/07 17:03:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/11 12:34:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/12 08:12:06 | 000,000,000 | ---D | M] -- C:\Users\Her\AppData\Roaming\Mozilla\Firefox\Profiles\q3806ah3.default\extensions\personas@christopher.beard
[2010/09/07 15:54:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 15:54:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/10 11:03:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: comcast.com ([activation3] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Her\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Her\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fed85c4-2d46-11df-9324-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2fed85c4-2d46-11df-9324-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{4b80defd-9754-11df-ae0b-0026229a23f5}\Shell\AutoRun\command - "" = H:\podcastready.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/11 07:04:53 | 000,202,752 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/10 18:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/10/10 11:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
[2010/10/10 11:12:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
[2010/10/10 11:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
[2010/10/10 11:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
[2010/10/10 11:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
[2010/10/10 11:12:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
[2010/10/10 11:12:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
[2010/10/10 11:12:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
[2010/10/10 11:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
[2010/10/10 11:12:40 | 009,799,128 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xul.dll
[2010/10/10 11:12:40 | 000,710,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\mozcrt19.dll
[2010/10/10 11:12:40 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
[2010/10/10 11:12:40 | 000,632,280 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nss3.dll
[2010/10/10 11:12:40 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
[2010/10/10 11:12:40 | 000,316,888 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssckbi.dll
[2010/10/10 11:12:40 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\freebl3.dll
[2010/10/10 11:12:40 | 000,198,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nspr4.dll
[2010/10/10 11:12:40 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\softokn3.dll
[2010/10/10 11:12:40 | 000,136,664 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\ssl3.dll
[2010/10/10 11:12:40 | 000,103,896 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\smime3.dll
[2010/10/10 11:12:40 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssdbm3.dll
[2010/10/10 11:12:40 | 000,087,512 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssutil3.dll
[2010/10/10 11:12:40 | 000,065,496 | ---- | C] (mozilla.org) -- C:\Windows\SysWow64\drivers\f\1\plugins\npnul32.dll
[2010/10/10 11:12:40 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plc4.dll
[2010/10/10 11:12:40 | 000,017,880 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xpcom.dll
[2010/10/10 11:12:40 | 000,017,368 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plds4.dll
[2010/10/10 11:12:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
[2010/10/10 11:12:39 | 000,134,616 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\brwsrcmp.dll
[2010/10/10 11:12:39 | 000,023,000 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\browserdirprovider.dll
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
[2010/10/10 11:12:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
[2010/10/10 11:12:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
[2010/10/09 15:48:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/09 10:53:55 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Her\Desktop\OTL.exe
[2010/10/09 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Malwarebytes
[2010/10/09 10:23:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/09 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/09 10:23:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/09 10:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/09 08:15:47 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\MediaSmart DVD
[2010/10/09 01:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Reflexive
[2010/10/08 23:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2010/10/08 23:59:11 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures The Monkey King
[2010/10/08 23:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures The Monkey King
[2010/10/08 23:58:35 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures Astounding Planet
[2010/10/08 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures Astounding Planet
[2010/10/08 23:58:02 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures - Fractured Fairytales
[2010/10/08 23:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures - Fractured Fairytales
[2010/10/08 23:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Bookworm Adventures 2
[2010/10/08 23:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bookworm Adventures 2
[2010/10/08 17:53:44 | 000,000,000 | ---D | C] -- C:\a7de5374e6ac4e466db96ed94b894779
[2010/10/01 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farm Frenzy Gone Fishing
[2010/10/01 08:03:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/01 08:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/21 22:14:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/21 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/21 21:07:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/21 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/21 21:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/21 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/21 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/21 01:40:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache
[2010/09/21 01:22:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\drivers\%APPDATA%
[2010/09/21 01:21:55 | 000,000,000 | ---D | C] -- C:\Windows\Mozilla
[2010/09/21 01:21:42 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/09/21 01:21:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/09/21 01:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Farm Fishes
[2010/09/21 01:20:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/09/21 01:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webem
[2010/09/21 01:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alawar
[2010/09/19 19:50:26 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Apple Computer
[2010/09/18 15:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farmers Market
[2010/09/16 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Local\Yahoo
[2010/09/16 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/09/16 10:34:52 | 000,000,000 | ---D | C] -- C:\Users\Her\AppData\Roaming\Yahoo!
[2010/09/16 10:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/09/16 10:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/09/15 16:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom Spooky Splash
[2010/09/15 16:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom H2O Hidden Odyssey
[2010/09/15 16:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom H20 Hidden Odyssey
[2010/09/15 16:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom
[2010/09/15 13:07:16 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/15 13:07:16 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/15 13:07:07 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/04/03 16:19:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Her\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/10/11 07:19:13 | 006,815,744 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT
[2010/10/11 07:16:37 | 000,244,140 | ---- | M] () -- C:\Windows\SysWow64\drivers\upn.exe
[2010/10/11 07:04:57 | 000,202,752 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/10/11 07:04:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 07:04:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 07:04:27 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/11 07:04:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/11 07:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/11 07:04:12 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/11 07:04:08 | 490,835,375 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/11 07:02:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/11 07:02:32 | 000,524,288 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/11 07:02:32 | 000,065,536 | -HS- | M] () -- C:\Users\Her\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/11 07:02:29 | 004,895,190 | -H-- | M] () -- C:\Users\Her\AppData\Local\IconCache.db
[2010/10/11 06:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/11 02:07:55 | 000,000,680 | ---- | M] () -- C:\Users\Her\AppData\Local\d3d9caps.dat
[2010/10/10 11:13:16 | 000,016,384 | -HS- | M] () -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
[2010/10/10 11:13:01 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/10 11:13:00 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/10 11:03:44 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/10 00:59:13 | 000,132,608 | ---- | M] () -- C:\Users\Her\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/09 10:53:58 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Her\Desktop\OTL.exe
[2010/10/09 10:23:08 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 23:59:17 | 000,002,051 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures The Monkey King.lnk
[2010/10/08 23:58:41 | 000,002,069 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Astounding Planet.lnk
[2010/10/08 23:58:08 | 000,002,114 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Fractured Fairytales.lnk
[2010/10/08 23:57:29 | 000,001,848 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Vol.2.lnk
[2010/10/08 23:56:24 | 000,002,072 | ---- | M] () -- C:\Users\Her\Desktop\Bookworm Adventures Deluxe.lnk
[2010/10/07 16:41:33 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHer.job
[2010/10/01 16:51:58 | 000,001,075 | ---- | M] () -- C:\Users\Her\Desktop\Farm Frenzy Gone Fishing.lnk
[2010/10/01 08:43:25 | 000,003,234 | ---- | M] () -- C:\Users\Her\Documents\Attach.zip
[2010/10/01 08:01:32 | 000,000,943 | ---- | M] () -- C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 08:00:55 | 000,000,763 | ---- | M] () -- C:\Users\Her\Desktop\NTREGOPT.lnk
[2010/10/01 08:00:55 | 000,000,744 | ---- | M] () -- C:\Users\Her\Desktop\ERUNT.lnk
[2010/09/23 17:07:46 | 000,003,347 | ---- | M] () -- C:\Users\Her\.recently-used.xbel
[2010/09/23 01:55:40 | 000,419,434 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100930-181641.backup
[2010/09/22 13:42:33 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/22 13:42:33 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/22 13:42:33 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/21 20:56:14 | 000,419,366 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100923-015540.backup
[2010/09/21 18:05:26 | 000,001,404 | ---- | M] () -- C:\Users\Her\AppData\Roaming\wklnhst.dat
[2010/09/21 01:21:38 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/21 01:20:50 | 000,004,286 | ---- | M] () -- C:\Windows\SysWow64\ico.ico
[2010/09/21 01:17:45 | 000,001,738 | ---- | M] () -- C:\Users\Her\Desktop\Alawar Games.lnk
[2010/09/20 18:45:23 | 000,001,041 | ---- | M] () -- C:\Users\Her\AppData\Roaming\vso_ts_preview.xml
[2010/09/18 15:49:20 | 000,000,945 | ---- | M] () -- C:\Users\Her\Desktop\Farmers Market.lnk
[2010/09/16 10:34:30 | 000,000,996 | ---- | M] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/16 10:34:30 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/15 16:15:11 | 000,001,868 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom (2).lnk
[2010/09/15 16:10:47 | 000,001,043 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom H2O Hidden Odyssey.lnk
[2010/09/15 16:09:53 | 000,000,848 | ---- | M] () -- C:\Users\Her\Desktop\Fishdom.lnk
[2010/09/13 23:35:07 | 000,001,127 | ---- | M] () -- C:\Users\Her\Desktop\Spybot - Search & Destroy.lnk

Magnus_Rexel
2010-10-11, 14:32
========== Files Created - No Company Name ==========

[2010/10/11 06:04:05 | 000,063,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\EE856049d01
[2010/10/11 06:04:05 | 000,026,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\30AD0515d01
[2010/10/11 06:04:05 | 000,020,454 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\65A3C719d01
[2010/10/11 06:04:05 | 000,016,569 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\42D02F62d01
[2010/10/11 06:04:04 | 000,029,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2B072C49d01
[2010/10/11 06:04:04 | 000,028,399 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5369357Cd01
[2010/10/11 06:04:04 | 000,019,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6223A3C0d01
[2010/10/11 06:03:54 | 000,041,781 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\65160255d01
[2010/10/11 06:03:53 | 000,042,504 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AA1F0038d01
[2010/10/11 06:03:47 | 000,026,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2F4A9EA0d01
[2010/10/11 06:03:46 | 000,108,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\325E382Cd01
[2010/10/11 06:03:46 | 000,034,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A75E06A7d01
[2010/10/11 06:03:45 | 000,168,225 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\91953FD6d01
[2010/10/11 06:03:43 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C0256d01
[2010/10/11 06:02:29 | 000,051,483 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1A190DF0d01
[2010/10/11 06:01:24 | 000,060,959 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A2CD23E0d01
[2010/10/11 05:30:40 | 000,021,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BC070D87d01
[2010/10/11 05:30:37 | 000,021,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7D315481d01
[2010/10/11 05:30:37 | 000,020,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BCAD4ED6d01
[2010/10/11 05:30:25 | 000,016,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D88C4BEEd01
[2010/10/11 05:30:12 | 000,163,732 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BF74F709d01
[2010/10/11 05:30:12 | 000,047,366 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C9C53212d01
[2010/10/11 05:30:12 | 000,037,138 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F5552B8Cd01
[2010/10/11 05:30:11 | 000,070,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6702B888d01
[2010/10/11 05:30:11 | 000,069,204 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F7312B8Cd01
[2010/10/11 05:30:11 | 000,068,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6538E3D8d01
[2010/10/11 05:30:09 | 000,019,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\376B6C28d01
[2010/10/11 05:29:35 | 000,022,733 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F4CDFE0Cd01
[2010/10/11 05:29:34 | 000,022,898 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F5FB419Ad01
[2010/10/11 05:29:21 | 000,023,207 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2B1E92BAd01
[2010/10/11 05:28:48 | 000,023,149 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9D3972F1d01
[2010/10/11 05:28:37 | 000,049,716 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E6F5E9B5d01
[2010/10/11 05:28:35 | 000,023,579 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9D3972D1d01
[2010/10/11 05:28:25 | 000,038,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\53A2E338d01
[2010/10/11 05:28:25 | 000,020,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B4B4FD84d01
[2010/10/11 05:28:23 | 000,131,025 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3C500FE4d01
[2010/10/11 05:28:22 | 000,055,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D3F99B1Fd01
[2010/10/11 05:28:22 | 000,018,338 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A09DAFB5d01
[2010/10/11 05:28:21 | 000,070,025 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\14CD09D0d01
[2010/10/11 03:18:18 | 000,022,744 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\63DF5381d01
[2010/10/11 03:18:18 | 000,016,776 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3DDF31B5d01
[2010/10/11 03:18:16 | 000,022,744 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\098D3C43d01
[2010/10/11 03:18:16 | 000,016,776 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FFB563DAd01
[2010/10/11 03:02:02 | 000,024,496 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FB0D9D76d01
[2010/10/11 03:02:01 | 000,101,671 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C5935778d01
[2010/10/11 03:02:01 | 000,056,003 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6DDD7B02d01
[2010/10/11 03:02:01 | 000,046,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\31308932d01
[2010/10/11 03:02:01 | 000,025,479 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9E1E993Bd01
[2010/10/11 03:02:01 | 000,021,949 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B9F3680Dd01
[2010/10/11 03:02:01 | 000,017,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\517A222Bd01
[2010/10/11 03:01:48 | 000,025,071 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B8D15295d01
[2010/10/11 03:01:48 | 000,023,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DA197763d01
[2010/10/11 03:01:48 | 000,023,229 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2B326FC4d01
[2010/10/11 03:01:48 | 000,022,364 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A1CBE0BAd01
[2010/10/11 03:01:48 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D6AE0052d01
[2010/10/11 03:01:47 | 000,031,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AF0B698Ed01
[2010/10/11 03:01:47 | 000,029,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B5C7DB0Ad01
[2010/10/11 03:01:40 | 000,021,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CAA13853d01
[2010/10/11 03:01:39 | 000,019,725 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\EA179B64d01
[2010/10/11 03:01:33 | 000,036,590 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\17D2E03Dd01
[2010/10/11 03:01:32 | 000,021,177 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CC7730B3d01
[2010/10/11 03:01:31 | 000,026,213 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E6E4C09Cd01
[2010/10/11 03:01:31 | 000,022,063 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\405EF7BAd01
[2010/10/11 03:01:31 | 000,019,989 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\99656DACd01
[2010/10/11 03:01:30 | 000,063,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\04E0E7BAd01
[2010/10/11 03:01:30 | 000,061,945 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D7A663DAd01
[2010/10/11 03:01:30 | 000,023,559 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D6BCA3F1d01
[2010/10/11 03:01:30 | 000,020,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8E3FF67Ad01
[2010/10/11 03:01:29 | 000,057,254 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ED133B68d01
[2010/10/11 03:01:03 | 000,016,511 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B5C6D79Bd01
[2010/10/11 02:20:21 | 000,027,904 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B84720C4d01
[2010/10/11 02:20:21 | 000,024,343 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\470375AFd01
[2010/10/11 02:20:18 | 000,025,351 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1DA4138Dd01
[2010/10/11 02:20:16 | 000,024,429 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4C2F12AAd01
[2010/10/11 02:20:14 | 000,072,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98F6BBBEd01
[2010/10/11 02:20:14 | 000,061,308 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0F56347Ed01
[2010/10/11 02:20:01 | 000,094,948 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\29BC2261d01
[2010/10/11 02:20:01 | 000,054,167 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C68CDF75d01
[2010/10/11 02:20:01 | 000,022,526 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B0D47EA3d01
[2010/10/11 02:03:01 | 000,078,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3F5F0530d01
[2010/10/11 02:02:56 | 000,050,867 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4174DE4Dd01
[2010/10/11 02:02:07 | 000,076,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6767CFFEd01
[2010/10/11 02:01:54 | 000,029,094 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5B1FE803d01
[2010/10/11 02:01:51 | 000,032,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FF3A02F5d01
[2010/10/11 02:01:50 | 000,022,610 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D26CCFC3d01
[2010/10/11 02:01:49 | 000,024,471 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BCA76EF9d01
[2010/10/11 01:08:41 | 000,023,114 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0EE7EC8Fd01
[2010/10/11 01:08:40 | 000,031,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BEDBECE7d01
[2010/10/11 01:08:37 | 000,106,670 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BCF0B367d01
[2010/10/11 01:08:37 | 000,065,524 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3A006C56d01
[2010/10/11 01:08:37 | 000,053,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7C752B37d01
[2010/10/11 01:08:35 | 000,090,875 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\07662EA9d01
[2010/10/11 01:08:35 | 000,062,612 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5E60E7C2d01
[2010/10/11 01:08:35 | 000,056,706 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F7A0E8F3d01
[2010/10/11 01:08:35 | 000,056,616 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AD74BB11d01
[2010/10/11 01:08:35 | 000,040,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F56B7B35d01
[2010/10/11 01:08:35 | 000,039,650 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0E365D2Cd01
[2010/10/11 01:08:27 | 000,072,173 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\91B5CB4Ed01
[2010/10/11 01:08:24 | 000,027,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1E4082F2d01
[2010/10/11 01:08:24 | 000,025,455 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1E4482F2d01
[2010/10/11 01:08:24 | 000,017,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3D5282F2d01
[2010/10/11 01:07:54 | 000,035,147 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CB0931E6d01
[2010/10/11 01:07:53 | 000,291,252 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E53B88FBd01
[2010/10/11 01:07:53 | 000,120,576 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B69E91E7d01
[2010/10/11 01:07:53 | 000,118,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7A2F9195d01
[2010/10/11 01:07:53 | 000,069,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A46F34D3d01
[2010/10/11 01:07:53 | 000,058,807 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\26563172d01
[2010/10/11 01:07:53 | 000,049,479 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\823E91B3d01
[2010/10/11 01:07:53 | 000,038,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\97DB34D0d01
[2010/10/11 01:07:53 | 000,025,970 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F66731F0d01
[2010/10/11 01:07:53 | 000,020,272 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\837B31B6d01
[2010/10/11 01:07:44 | 000,017,601 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A53015EBd01
[2010/10/11 01:07:38 | 000,047,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D7734F55d01
[2010/10/11 01:07:37 | 000,055,756 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D77B4F55d01
[2010/10/11 01:07:37 | 000,041,849 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACEF9D1Cd01
[2010/10/11 01:07:37 | 000,030,947 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D76A4F55d01
[2010/10/11 01:07:36 | 000,085,404 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DFA44F55d01
[2010/10/11 01:07:36 | 000,057,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACDD9D1Cd01
[2010/10/11 01:07:36 | 000,034,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D7704F55d01
[2010/10/11 01:07:36 | 000,024,809 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACAA9D1Cd01
[2010/10/11 01:07:36 | 000,024,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACD99D1Cd01
[2010/10/11 01:07:36 | 000,022,853 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D7714F55d01
[2010/10/11 01:07:35 | 000,062,746 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACEEC8BBd01
[2010/10/11 01:07:35 | 000,056,027 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\EC015A93d01
[2010/10/11 01:07:35 | 000,018,529 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\05CA59CDd01
[2010/10/11 01:07:28 | 000,077,458 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C74927D8d01
[2010/10/11 01:07:28 | 000,062,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\66768DD1d01
[2010/10/11 01:07:28 | 000,025,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\684DAB1Fd01
[2010/10/11 01:07:28 | 000,017,866 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3A15CF50d01
[2010/10/11 01:07:27 | 000,075,714 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7D67B622d01
[2010/10/11 01:07:27 | 000,062,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7B442751d01
[2010/10/11 01:07:27 | 000,062,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\44F2E65Ed01
[2010/10/11 01:07:27 | 000,031,220 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0EBAE694d01
[2010/10/11 01:07:27 | 000,026,248 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\197A8BC2d01
[2010/10/11 01:07:27 | 000,025,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E85099B5d01
[2010/10/11 01:07:27 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3FF7D5A2d01
[2010/10/11 01:07:27 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\30C86363d01
[2010/10/11 01:07:27 | 000,017,866 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C83D89E8d01
[2010/10/11 01:07:27 | 000,017,866 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3BC6E5F8d01
[2010/10/11 01:07:16 | 000,084,157 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1308519Ad01
[2010/10/11 01:07:16 | 000,080,229 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BFEDCAAFd01
[2010/10/11 01:07:16 | 000,080,229 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0663E452d01
[2010/10/11 01:07:16 | 000,073,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B6F64A77d01
[2010/10/11 01:07:16 | 000,067,643 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C2083A4Ed01
[2010/10/11 01:07:16 | 000,041,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C37DDE4Bd01
[2010/10/11 01:07:16 | 000,039,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\442ED9F9d01
[2010/10/11 01:07:15 | 000,033,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2993208Ed01
[2010/10/11 01:07:14 | 000,140,610 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1C0CB3D3d01
[2010/10/11 01:07:14 | 000,080,229 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\867ED6F8d01
[2010/10/11 01:07:14 | 000,066,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\798730B6d01
[2010/10/11 01:07:14 | 000,049,500 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\961293ABd01
[2010/10/11 01:07:14 | 000,049,500 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\160FA101d01
[2010/10/11 01:07:14 | 000,041,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FAEEC21Cd01
[2010/10/11 01:07:14 | 000,033,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A6B1A4E5d01
[2010/10/11 01:07:14 | 000,024,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9DE329CDd01
[2010/10/11 01:07:14 | 000,020,596 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D94AB242d01
[2010/10/11 01:07:14 | 000,020,596 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0A601A43d01
[2010/10/11 01:07:13 | 000,067,643 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4C26C7F7d01
[2010/10/11 01:07:13 | 000,048,079 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FE72F6B7d01
[2010/10/11 01:07:13 | 000,041,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7AF3F0B6d01
[2010/10/11 01:07:13 | 000,039,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FDA0F704d01
[2010/10/11 01:07:13 | 000,039,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7DBDC5AEd01
[2010/10/11 01:07:13 | 000,038,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D972B784d01
[2010/10/11 01:07:13 | 000,026,939 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C142D260d01
[2010/10/11 01:07:13 | 000,026,939 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3A2EC293d01
[2010/10/11 01:07:13 | 000,024,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A255E8C2d01
[2010/10/11 01:07:13 | 000,020,914 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8EC638F5d01
[2010/10/11 01:07:13 | 000,020,914 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5DEC90F4d01
[2010/10/11 01:07:13 | 000,020,596 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2226A2B1d01
[2010/10/11 01:07:12 | 000,025,594 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\17859768d01
[2010/10/10 23:51:33 | 000,018,113 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\012784E7d01
[2010/10/10 23:51:32 | 000,110,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B5FFD90Ad01
[2010/10/10 23:51:31 | 000,042,027 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F6353229d01
[2010/10/10 23:51:31 | 000,027,436 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D624339Dd01
[2010/10/10 23:51:22 | 000,301,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AFBCB948d01
[2010/10/10 23:51:22 | 000,030,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FAFB147Bd01
[2010/10/10 23:51:21 | 000,019,889 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0E15D2C8d01
[2010/10/10 22:05:38 | 000,087,675 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DC59871Fd01
[2010/10/10 22:05:38 | 000,037,243 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DF2E92FFd01
[2010/10/10 22:05:34 | 000,018,710 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D38AA4BFd01
[2010/10/10 22:05:34 | 000,018,189 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\94C8A4BFd01
[2010/10/10 22:05:33 | 000,019,871 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6BA400E9d01
[2010/10/10 22:05:32 | 000,020,817 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B5ADA4BFd01
[2010/10/10 22:05:32 | 000,018,359 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B5DCA4BFd01
[2010/10/10 22:05:32 | 000,017,860 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DDEBA4BFd01
[2010/10/10 22:05:32 | 000,017,147 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D60FA4BFd01
[2010/10/10 20:35:05 | 000,025,351 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DEA30F77d01
[2010/10/10 20:35:02 | 000,062,703 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5126BCE8d01
[2010/10/10 20:35:00 | 000,024,734 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\69421AD0d01
[2010/10/10 20:34:56 | 000,025,351 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\29384099d01
[2010/10/10 20:34:56 | 000,021,034 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\42394CC3d01
[2010/10/10 20:34:51 | 000,024,429 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E909EE8Cd01
[2010/10/10 20:34:49 | 000,072,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3DD04798d01
[2010/10/10 20:34:48 | 000,058,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\42045BB3d01
[2010/10/10 20:34:41 | 000,024,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8D471E8Bd01
[2010/10/10 20:34:16 | 000,038,795 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3A3EDED9d01
[2010/10/10 20:34:14 | 000,030,733 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6CEA933Ed01
[2010/10/10 20:34:11 | 000,057,272 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\26665494d01
[2010/10/10 20:19:01 | 000,037,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\84C4BB1Cd01
[2010/10/10 20:19:01 | 000,029,639 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\516AFB05d01
[2010/10/10 20:19:00 | 000,034,261 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D4DDAA66d01
[2010/10/10 20:19:00 | 000,032,569 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5D34BD26d01
[2010/10/10 20:19:00 | 000,025,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\82FF8612d01
[2010/10/10 20:19:00 | 000,021,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\03BEDE3Ed01
[2010/10/10 20:19:00 | 000,020,146 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3411B67Dd01
[2010/10/10 20:19:00 | 000,019,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\77739D84d01
[2010/10/10 20:18:56 | 000,020,130 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0E49F92Cd01
[2010/10/10 20:18:56 | 000,018,633 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9A048B96d01
[2010/10/10 20:18:56 | 000,018,047 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E15A8A26d01
[2010/10/10 20:18:56 | 000,017,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\439F392Fd01
[2010/10/10 20:18:52 | 000,019,709 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\94FFB817d01
[2010/10/10 20:18:52 | 000,018,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6376D400d01
[2010/10/10 20:18:52 | 000,017,670 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F0ADBB5Bd01
[2010/10/10 20:18:48 | 000,023,944 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F36DFD7Fd01
[2010/10/10 20:18:48 | 000,023,944 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2ACAFD37d01
[2010/10/10 20:18:48 | 000,021,297 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\15C0F80Ad01
[2010/10/10 20:18:48 | 000,018,857 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DA01F22Dd01
[2010/10/10 20:18:41 | 000,029,161 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7058DD7Ed01
[2010/10/10 20:18:40 | 000,075,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5722A967d01
[2010/10/10 20:18:40 | 000,034,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\773AAECFd01
[2010/10/10 20:18:40 | 000,020,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\80043D5Cd01
[2010/10/10 20:18:39 | 000,018,714 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F0BCFDADd01
[2010/10/10 20:18:39 | 000,018,162 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\365CEFA1d01
[2010/10/10 19:40:20 | 000,056,098 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\518C129Dd01
[2010/10/10 19:40:05 | 000,070,025 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B0D81F27d01
[2010/10/10 19:40:05 | 000,049,821 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\79C2A3EAd01
[2010/10/10 19:40:05 | 000,039,962 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0407A61Cd01
[2010/10/10 19:40:05 | 000,035,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2B1D7B3Ad01
[2010/10/10 19:40:05 | 000,028,709 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5D8C75EEd01
[2010/10/10 19:40:05 | 000,025,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4FD7C056d01
[2010/10/10 19:40:04 | 000,034,235 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4B48A7E5d01
[2010/10/10 19:40:03 | 000,038,795 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8E6BFEEDd01
[2010/10/10 19:39:58 | 000,057,254 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F36D8CA4d01
[2010/10/10 19:39:58 | 000,032,871 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AFEFB02Dd01
[2010/10/10 19:39:55 | 000,027,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\67B73F84d01
[2010/10/10 19:39:54 | 000,033,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1ACF5720d01
[2010/10/10 19:39:54 | 000,030,227 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3836B1BFd01
[2010/10/10 19:39:54 | 000,026,695 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\51598CF1d01
[2010/10/10 19:39:54 | 000,022,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C56258B0d01
[2010/10/10 19:39:54 | 000,019,555 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8AC63A16d01
[2010/10/10 19:39:53 | 000,019,504 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0223DBF8d01
[2010/10/10 19:39:45 | 000,031,353 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B9CC069Fd01
[2010/10/10 19:39:44 | 000,073,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\55C75B40d01
[2010/10/10 19:39:32 | 000,028,331 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B7112A7Fd01
[2010/10/10 19:39:04 | 000,016,748 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\198A440Dd01
[2010/10/10 19:39:03 | 000,079,534 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\365521C5d01
[2010/10/10 19:38:29 | 000,018,124 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1826AB3Bd01
[2010/10/10 19:38:01 | 000,046,116 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3B34AEB8d01
[2010/10/10 19:37:58 | 000,047,509 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C84EBA35d01
[2010/10/10 19:37:58 | 000,029,332 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8AD29484d01
[2010/10/10 19:37:57 | 000,051,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\72CF0EE3d01
[2010/10/10 19:37:47 | 000,034,868 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8AB2EDD8d01
[2010/10/10 19:37:46 | 000,038,986 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\28A187EAd01
[2010/10/10 19:37:46 | 000,031,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AD61DB06d01
[2010/10/10 19:37:44 | 000,139,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3AE7D9F8d01
[2010/10/10 19:37:43 | 000,029,277 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\76FD49D9d01
[2010/10/10 19:37:43 | 000,019,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6FC73E83d01
[2010/10/10 19:37:42 | 000,048,594 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D68CE0C4d01
[2010/10/10 19:37:42 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\04453908d01
[2010/10/10 19:37:41 | 000,024,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FCE6004Ed01
[2010/10/10 19:37:38 | 000,024,100 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C030C3B5d01
[2010/10/10 19:37:38 | 000,016,545 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5565370Fd01
[2010/10/10 19:37:37 | 000,028,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DC30EFF5d01
[2010/10/10 19:37:36 | 000,072,635 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0DDD08E5d01
[2010/10/10 19:37:35 | 000,030,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A31BADC9d01
[2010/10/10 19:37:35 | 000,029,604 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F43B2CA8d01
[2010/10/10 19:37:34 | 000,052,575 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D6B77970d01
[2010/10/10 19:37:33 | 000,206,554 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\620866D1d01
[2010/10/10 19:37:13 | 000,048,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3BD5C5A2d01
[2010/10/10 19:37:13 | 000,047,177 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3BD2C5A2d01
[2010/10/10 19:37:13 | 000,047,018 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3BD7C5A2d01
[2010/10/10 19:37:13 | 000,044,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3BD3C5A2d01
[2010/10/10 19:37:13 | 000,044,289 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3BD4C5A2d01
[2010/10/10 19:37:11 | 000,021,892 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4B484911d01
[2010/10/10 19:37:06 | 000,028,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\880C598Ed01
[2010/10/10 19:37:06 | 000,027,521 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3FE276EFd01
[2010/10/10 19:37:06 | 000,027,372 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8839598Ed01
[2010/10/10 19:37:06 | 000,025,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8864598Ed01
[2010/10/10 19:37:06 | 000,024,046 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1DCFC2FFd01
[2010/10/10 19:37:06 | 000,023,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\887C598Ed01
[2010/10/10 19:37:06 | 000,021,717 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\686367EFd01
[2010/10/10 19:37:06 | 000,021,231 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7CD66BEFd01
[2010/10/10 19:37:06 | 000,020,300 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1DDBC2FFd01
[2010/10/10 19:37:06 | 000,019,802 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\886E598Ed01
[2010/10/10 19:37:06 | 000,019,514 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8804598Ed01
[2010/10/10 19:37:06 | 000,018,977 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\884A598Ed01
[2010/10/10 19:37:06 | 000,018,544 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98A57029d01
[2010/10/10 19:37:06 | 000,018,313 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6DB077EFd01
[2010/10/10 19:37:06 | 000,017,200 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4C6668EFd01
[2010/10/10 19:37:06 | 000,017,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7CA777EFd01
[2010/10/10 19:37:06 | 000,016,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\883C598Ed01
[2010/10/10 19:37:05 | 000,073,453 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\557E63EFd01
[2010/10/10 19:37:05 | 000,071,904 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\88CA598Ed01
[2010/10/10 19:37:05 | 000,029,156 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\75806BEFd01
[2010/10/10 19:37:05 | 000,028,975 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8828598Ed01
[2010/10/10 19:37:05 | 000,025,578 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CFD36BEFd01
[2010/10/10 19:37:05 | 000,025,299 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98A07029d01
[2010/10/10 19:37:05 | 000,023,306 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7E8766EFd01
[2010/10/10 19:37:05 | 000,022,943 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98107029d01
[2010/10/10 19:37:05 | 000,022,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98B07029d01
[2010/10/10 19:37:05 | 000,019,321 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5A7777EFd01
[2010/10/10 19:37:05 | 000,017,150 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\884C598Ed01
[2010/10/10 19:37:05 | 000,017,141 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8819598Ed01
[2010/10/10 19:37:05 | 000,016,863 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3FAE68EFd01
[2010/10/10 19:37:04 | 000,026,685 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\787663EFd01
[2010/10/10 19:37:04 | 000,025,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3E6577EFd01
[2010/10/10 19:37:04 | 000,024,830 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5A9367EFd01
[2010/10/10 19:37:04 | 000,023,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98E07029d01
[2010/10/10 19:37:04 | 000,021,433 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CD9363EFd01
[2010/10/10 19:37:04 | 000,020,666 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\19F274EFd01
[2010/10/10 19:37:04 | 000,019,762 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1D9EC2FFd01
[2010/10/10 19:37:04 | 000,019,050 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8865598Ed01
[2010/10/10 19:37:04 | 000,018,714 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8845598Ed01
[2010/10/10 19:37:04 | 000,018,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98ED7029d01
[2010/10/10 19:37:04 | 000,018,299 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1BFE64EFd01
[2010/10/10 19:37:04 | 000,017,352 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\55C26EEFd01
[2010/10/10 19:37:04 | 000,017,113 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7E656AEFd01
[2010/10/10 19:37:04 | 000,017,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1B7469EFd01
[2010/10/10 19:37:04 | 000,017,031 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98D27029d01
[2010/10/10 19:37:04 | 000,016,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CE666AEFd01
[2010/10/10 19:37:04 | 000,016,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CCD36EEFd01
[2010/10/10 19:37:03 | 000,170,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FA92F3E6d01
[2010/10/10 19:37:03 | 000,170,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1825EA86d01
[2010/10/10 19:37:03 | 000,068,277 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4CD5A86Bd01
[2010/10/10 19:37:03 | 000,066,242 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\27DF9F66d01
[2010/10/10 19:37:03 | 000,057,791 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5CDF6FEFd01
[2010/10/10 19:37:03 | 000,055,099 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FDD509C3d01
[2010/10/10 19:37:03 | 000,055,099 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1F6210A3d01
[2010/10/10 19:37:03 | 000,049,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4FD766EFd01
[2010/10/10 19:37:03 | 000,030,141 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2906C1B3d01
[2010/10/10 19:37:03 | 000,026,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\880D598Ed01
[2010/10/10 19:37:03 | 000,024,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\981C7029d01
[2010/10/10 19:37:03 | 000,024,787 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\883A598Ed01
[2010/10/10 19:37:03 | 000,021,601 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1D9076EFd01
[2010/10/10 19:37:03 | 000,020,542 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E98FF2B3d01
[2010/10/10 19:37:03 | 000,019,675 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98B37029d01
[2010/10/10 19:37:03 | 000,019,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0F7176EFd01
[2010/10/10 19:37:03 | 000,019,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98E17029d01
[2010/10/10 19:37:03 | 000,019,050 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98BD7029d01
[2010/10/10 19:37:03 | 000,018,138 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98C37029d01
[2010/10/10 19:37:03 | 000,017,379 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4CA3389Ad01
[2010/10/10 19:37:02 | 000,063,917 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\88CC598Ed01
[2010/10/10 19:37:02 | 000,024,916 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98877029d01
[2010/10/10 19:37:02 | 000,023,108 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E980F2B3d01
[2010/10/10 19:37:02 | 000,020,580 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\884B598Ed01
[2010/10/10 19:37:02 | 000,020,348 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\28F267EFd01
[2010/10/10 19:37:02 | 000,018,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7ED769EFd01
[2010/10/10 19:37:02 | 000,018,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\886F598Ed01
[2010/10/10 19:37:02 | 000,017,787 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\882C598Ed01
[2010/10/10 19:37:02 | 000,017,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8834598Ed01
[2010/10/10 19:37:02 | 000,017,591 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98FC7029d01
[2010/10/10 19:37:02 | 000,017,535 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1D8FC2FFd01
[2010/10/10 19:37:02 | 000,016,746 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8879598Ed01
[2010/10/10 19:37:01 | 000,052,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8BD5598Ed01
[2010/10/10 19:37:01 | 000,032,161 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4BA462EFd01
[2010/10/10 19:37:01 | 000,029,762 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\885B598Ed01
[2010/10/10 19:37:01 | 000,027,946 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\980D7029d01
[2010/10/10 19:37:01 | 000,018,791 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98F77029d01
[2010/10/10 19:37:01 | 000,018,007 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98E67029d01
[2010/10/10 19:37:01 | 000,017,642 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\38CF75EFd01
[2010/10/10 19:37:01 | 000,017,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8829598Ed01
[2010/10/10 19:37:01 | 000,016,836 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8814598Ed01
[2010/10/10 19:37:00 | 000,035,245 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1DC8C2FFd01
[2010/10/10 19:37:00 | 000,033,147 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\88D5598Ed01
[2010/10/10 19:37:00 | 000,021,870 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1DC9C2FFd01
[2010/10/10 19:37:00 | 000,018,635 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0C7E6CEFd01
[2010/10/10 19:37:00 | 000,017,817 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98827029d01
[2010/10/10 19:36:59 | 000,017,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98B47029d01
[2010/10/10 19:36:56 | 000,042,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4BA6A262d01
[2010/10/10 19:36:31 | 000,018,093 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\07DD311Dd01
[2010/10/10 19:36:30 | 000,029,462 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BC6BEF26d01
[2010/10/10 19:36:28 | 000,018,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BFD998F7d01
[2010/10/10 19:36:20 | 000,022,321 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9628E217d01
[2010/10/10 19:12:37 | 000,019,054 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\25365895d01
[2010/10/10 19:12:35 | 000,026,055 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4DBC50B2d01
[2010/10/10 19:12:35 | 000,017,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\37D3B853d01
[2010/10/10 19:12:34 | 000,027,018 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F219DC06d01
[2010/10/10 19:12:34 | 000,023,698 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3D0765EAd01
[2010/10/10 19:12:34 | 000,018,272 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\60600D20d01
[2010/10/10 19:12:34 | 000,016,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\36CB358Fd01
[2010/10/10 19:12:34 | 000,016,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DD697689d01
[2010/10/10 19:12:29 | 000,057,254 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\89742543d01
[2010/10/10 19:12:25 | 000,057,254 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CA436241d01
[2010/10/10 19:12:22 | 000,019,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5E83D1EEd01
[2010/10/10 19:04:26 | 000,023,292 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9D9A4E61d01
[2010/10/10 19:04:23 | 000,059,345 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\648B0FB9d01
[2010/10/10 19:04:21 | 000,043,336 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2F94E680d01
[2010/10/10 19:03:57 | 000,090,313 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\153B6A7Dd01
[2010/10/10 19:03:57 | 000,072,103 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\71258317d01
[2010/10/10 19:03:56 | 000,048,929 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6003B9D0d01
[2010/10/10 19:03:56 | 000,038,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\76815268d01
[2010/10/10 19:03:56 | 000,030,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A834FC42d01
[2010/10/10 19:03:55 | 000,063,974 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AE6353D7d01
[2010/10/10 19:03:55 | 000,020,970 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7389A698d01
[2010/10/10 19:03:48 | 000,074,434 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CDBFCDCFd01
[2010/10/10 19:03:48 | 000,017,446 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\195EE71Cd01
[2010/10/10 18:03:14 | 000,023,485 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DC8EB68Dd01
[2010/10/10 18:03:11 | 000,021,434 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A3EA6509d01
[2010/10/10 18:03:10 | 000,074,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3DF1E69Fd01
[2010/10/10 18:02:38 | 000,029,483 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4513D848d01
[2010/10/10 17:32:06 | 000,023,309 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\87F34438d01
[2010/10/10 17:32:06 | 000,022,348 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D7A77931d01
[2010/10/10 17:32:02 | 000,018,014 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8CA168F0d01
[2010/10/10 17:31:21 | 000,037,918 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B88DBDABd01
[2010/10/10 17:31:19 | 000,031,401 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\478ED66Bd01
[2010/10/10 17:31:18 | 000,025,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ABDCE850d01
[2010/10/10 17:31:18 | 000,022,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\22462C30d01
[2010/10/10 17:31:18 | 000,020,463 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\84A86D79d01
[2010/10/10 17:31:17 | 000,493,607 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C64C204Cd01
[2010/10/10 17:31:17 | 000,204,330 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D6CAF246d01
[2010/10/10 17:31:17 | 000,043,821 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\381DEF41d01
[2010/10/10 17:31:17 | 000,043,217 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8C273BACd01
[2010/10/10 17:31:17 | 000,040,128 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3B30D760d01
[2010/10/10 17:31:16 | 000,043,956 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\59D49A11d01
[2010/10/10 17:31:15 | 000,025,371 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0D894878d01
[2010/10/10 17:31:08 | 000,018,205 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0C2101D6d01
[2010/10/10 17:30:58 | 000,060,524 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\98A0AE47d01
[2010/10/10 17:22:53 | 000,023,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\78CEA0C4d01
[2010/10/10 17:22:53 | 000,019,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8ADE2BC5d01
[2010/10/10 17:22:47 | 000,037,100 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83111EAAd01
[2010/10/10 17:22:46 | 000,077,979 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8EBFABE9d01
[2010/10/10 17:22:43 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C2D56d01
[2010/10/10 17:07:19 | 000,046,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E4D68107d01
[2010/10/10 17:07:19 | 000,043,744 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\325615A3d01
[2010/10/10 17:07:19 | 000,025,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E2522EC1d01
[2010/10/10 17:07:19 | 000,018,564 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6449DFFEd01
[2010/10/10 17:07:19 | 000,017,642 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\27A39040d01
[2010/10/10 17:07:19 | 000,016,794 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9CA1294Ad01
[2010/10/10 17:07:18 | 000,055,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\238DEE33d01
[2010/10/10 17:07:18 | 000,037,494 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7065E31Dd01
[2010/10/10 17:07:18 | 000,028,830 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BB740820d01
[2010/10/10 17:07:18 | 000,021,294 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C2CBCA5Dd01
[2010/10/10 17:07:17 | 000,019,810 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8B45CA93d01
[2010/10/10 17:07:16 | 000,018,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3350631Cd01
[2010/10/10 17:07:15 | 000,028,243 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\834B47BDd01
[2010/10/10 17:07:15 | 000,019,814 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\16CADBF8d01
[2010/10/10 17:07:13 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C7A56d01
[2010/10/10 16:14:03 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C7856d01
[2010/10/10 16:05:46 | 000,137,148 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7F4D16E5d01
[2010/10/10 16:05:46 | 000,077,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C92CE4F0d01
[2010/10/10 16:05:46 | 000,031,918 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CF9F626Ed01
[2010/10/10 16:05:45 | 000,031,523 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F4D87ABBd01
[2010/10/10 16:05:31 | 000,085,939 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FB79B21Ad01
[2010/10/10 16:05:31 | 000,077,952 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\41F7317Dd01
[2010/10/10 16:05:31 | 000,062,678 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\160412D6d01
[2010/10/10 16:05:31 | 000,053,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C11C3B29d01
[2010/10/10 16:05:30 | 000,031,124 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3F0CCFA0d01
[2010/10/10 16:05:27 | 000,074,434 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B25CA123d01
[2010/10/10 16:04:32 | 000,022,933 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2072E1E1d01
[2010/10/10 16:04:32 | 000,018,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ED0BAA50d01
[2010/10/10 16:04:31 | 000,093,904 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8EC73E44d01
[2010/10/10 16:04:31 | 000,030,204 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\47AE39CCd01
[2010/10/10 16:04:31 | 000,028,754 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F08ED5E1d01
[2010/10/10 16:04:30 | 000,049,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A950A0AEd01
[2010/10/10 16:04:30 | 000,033,070 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9E8E202Bd01
[2010/10/10 16:04:30 | 000,030,483 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BD424CF6d01
[2010/10/10 16:04:30 | 000,029,882 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F5D10A9Bd01
[2010/10/10 16:04:30 | 000,027,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5BF7A958d01
[2010/10/10 16:04:30 | 000,027,806 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A7DF2B42d01
[2010/10/10 16:04:30 | 000,022,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6B974514d01
[2010/10/10 16:04:30 | 000,020,548 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E1953FF8d01
[2010/10/10 16:04:30 | 000,017,125 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F56532C6d01
[2010/10/10 16:04:29 | 000,076,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E1943FF8d01
[2010/10/10 16:04:29 | 000,063,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C15B571Cd01
[2010/10/10 16:04:28 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C2C56d01
[2010/10/10 16:04:27 | 000,016,542 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\79D9E37Dd01
[2010/10/10 16:04:18 | 000,745,601 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\80505282d01
[2010/10/10 16:04:13 | 000,072,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\845CA8A1d01
[2010/10/10 16:04:13 | 000,027,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\62839647d01
[2010/10/10 16:04:13 | 000,021,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7B170013d01
[2010/10/10 16:04:13 | 000,016,683 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C30EA900d01
[2010/10/10 16:04:12 | 000,062,272 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\09184C5Ed01
[2010/10/10 16:04:12 | 000,036,903 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\72013F21d01
[2010/10/10 16:04:12 | 000,021,465 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8731A535d01
[2010/10/10 16:04:09 | 000,016,688 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\96EE404Bd01
[2010/10/10 16:04:07 | 000,026,795 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9DAB413Ad01
[2010/10/10 16:04:05 | 000,132,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C4911A64d01
[2010/10/10 16:04:02 | 000,037,715 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8A464F20d01
[2010/10/10 16:04:00 | 000,017,372 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1AE8D636d01
[2010/10/10 16:03:57 | 000,026,636 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3CC310A7d01
[2010/10/10 16:03:27 | 000,027,729 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\907B42BBd01
[2010/10/10 16:03:27 | 000,026,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\95B842BBd01
[2010/10/10 16:03:27 | 000,022,706 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\90AC42BBd01
[2010/10/10 16:03:27 | 000,021,813 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\906842BBd01
[2010/10/10 16:03:26 | 000,029,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\93A942BBd01
[2010/10/10 16:03:26 | 000,025,761 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\916F42BBd01
[2010/10/10 16:03:26 | 000,025,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\908342BBd01
[2010/10/10 16:03:26 | 000,023,739 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\90ED42BBd01
[2010/10/10 16:03:26 | 000,020,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\906342BBd01
[2010/10/10 15:25:44 | 000,056,607 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8754B84Cd01
[2010/10/10 15:25:44 | 000,030,839 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5CF9AE17d01
[2010/10/10 15:25:44 | 000,026,500 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\88A5E6C3d01
[2010/10/10 15:25:44 | 000,025,173 | ---- | C] () -- C:\Windows\SysWow64

Magnus_Rexel
2010-10-11, 14:33
\drivers\f\1\defaults\profile\Cache\58DCEB3Bd01
[2010/10/10 15:25:44 | 000,024,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\35989302d01
[2010/10/10 15:25:44 | 000,020,146 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\34D1B67Dd01
[2010/10/10 15:25:44 | 000,020,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8491FD69d01
[2010/10/10 15:25:44 | 000,018,857 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DAC1F22Dd01
[2010/10/10 15:25:40 | 000,030,851 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A5F49439d01
[2010/10/10 15:25:40 | 000,020,473 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E41FB91Ad01
[2010/10/10 15:25:39 | 000,034,450 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\15FC8E71d01
[2010/10/10 15:25:39 | 000,034,261 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D41DAA66d01
[2010/10/10 15:25:39 | 000,021,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\037EDE3Ed01
[2010/10/10 15:25:39 | 000,020,614 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1DEFDE2Bd01
[2010/10/10 15:25:39 | 000,020,534 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B415FABAd01
[2010/10/10 15:25:39 | 000,020,130 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0E89F92Cd01
[2010/10/10 15:25:35 | 000,019,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\77B39D84d01
[2010/10/10 15:25:35 | 000,019,140 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6AE7D516d01
[2010/10/10 15:25:35 | 000,018,633 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9AC48B96d01
[2010/10/10 15:25:35 | 000,018,338 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BB09BD36d01
[2010/10/10 15:25:31 | 000,075,929 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\295AFE67d01
[2010/10/10 15:25:31 | 000,059,318 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E5FAA427d01
[2010/10/10 15:25:31 | 000,031,094 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ECAEBF52d01
[2010/10/10 15:25:31 | 000,029,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F9B3DB73d01
[2010/10/10 15:25:30 | 000,023,763 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\93A5AD19d01
[2010/10/10 15:25:30 | 000,020,387 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8FDC8F49d01
[2010/10/10 15:25:30 | 000,018,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B1027B42d01
[2010/10/10 15:25:30 | 000,016,548 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\80B3FA26d01
[2010/10/10 15:25:29 | 000,063,730 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B6860831d01
[2010/10/10 15:25:25 | 000,072,329 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F0FDFE2Fd01
[2010/10/10 15:25:25 | 000,018,162 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\35CCECF1d01
[2010/10/10 15:25:24 | 000,075,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\57E2A967d01
[2010/10/10 15:25:24 | 000,046,435 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\863ECB7Bd01
[2010/10/10 15:25:24 | 000,030,598 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1650FB5Ad01
[2010/10/10 15:25:24 | 000,019,886 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\73C8DE2Ed01
[2010/10/10 15:25:24 | 000,019,170 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8E95A934d01
[2010/10/10 15:25:24 | 000,018,714 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F32CFEFDd01
[2010/10/10 15:25:19 | 000,029,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AC5A8F80d01
[2010/10/10 15:17:13 | 000,070,441 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8B019923d01
[2010/10/10 15:17:12 | 000,050,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5DDF91E7d01
[2010/10/10 15:17:11 | 000,090,127 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\068F229Ad01
[2010/10/10 15:17:11 | 000,043,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\12DF1EFAd01
[2010/10/10 15:17:11 | 000,031,006 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BC3DA391d01
[2010/10/10 15:17:11 | 000,026,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B61C9A14d01
[2010/10/10 15:17:11 | 000,026,196 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7CCEB75Ad01
[2010/10/10 15:17:11 | 000,017,455 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\503A0AE1d01
[2010/10/10 15:17:09 | 000,152,262 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\EC36BC73d01
[2010/10/10 15:17:09 | 000,044,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3EAD648Bd01
[2010/10/10 15:17:09 | 000,020,596 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\70A4B39Cd01
[2010/10/10 15:17:09 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\search.sqlite
[2010/10/10 15:08:57 | 000,824,462 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0466C24Ad01
[2010/10/10 15:08:57 | 000,282,763 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ADC048BFd01
[2010/10/10 15:08:57 | 000,112,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E1EC668Ad01
[2010/10/10 15:08:56 | 000,095,786 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DF7363D9d01
[2010/10/10 15:08:56 | 000,017,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D971D264d01
[2010/10/10 15:08:55 | 000,072,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4E45F211d01
[2010/10/10 15:08:54 | 000,022,076 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2C9ED9F5d01
[2010/10/10 15:08:53 | 000,074,434 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E405060Fd01
[2010/10/10 14:52:25 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D75DF9C1d01
[2010/10/10 14:52:25 | 000,052,761 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\42E718A0d01
[2010/10/10 14:37:08 | 000,025,548 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A23CFE80d01
[2010/10/10 14:37:08 | 000,024,333 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\47DFFA61d01
[2010/10/10 14:37:08 | 000,020,799 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B057B310d01
[2010/10/10 14:37:08 | 000,017,419 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3952BB10d01
[2010/10/10 14:37:06 | 000,139,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\66662873d01
[2010/10/10 14:36:58 | 000,137,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\A60C784Cd01
[2010/10/10 14:36:58 | 000,032,203 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1F61C947d01
[2010/10/10 14:36:57 | 000,052,969 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\33F1A1D3d01
[2010/10/10 14:36:56 | 000,058,876 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4B52B66Ed01
[2010/10/10 14:36:56 | 000,048,079 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3B016F86d01
[2010/10/10 14:36:56 | 000,047,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FADC83F6d01
[2010/10/10 14:36:56 | 000,042,291 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E7E194EDd01
[2010/10/10 14:36:56 | 000,039,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1B1689F3d01
[2010/10/10 14:36:56 | 000,020,318 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\105627C3d01
[2010/10/10 14:36:55 | 000,087,802 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1202BEDEd01
[2010/10/10 14:36:55 | 000,048,079 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\051EE644d01
[2010/10/10 14:36:55 | 000,039,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\25090031d01
[2010/10/10 14:36:55 | 000,036,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DE3DB467d01
[2010/10/10 14:36:55 | 000,020,695 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\72245953d01
[2010/10/10 14:36:55 | 000,020,695 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4C3BD091d01
[2010/10/10 14:36:55 | 000,020,318 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2E49AE01d01
[2010/10/10 14:36:54 | 000,087,802 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\31E34642d01
[2010/10/10 14:36:53 | 000,072,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\997A9756d01
[2010/10/10 14:36:52 | 000,142,481 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\1D5757ECd01
[2010/10/10 14:36:52 | 000,077,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\496BA0B4d01
[2010/10/10 14:36:52 | 000,065,723 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3F9021F0d01
[2010/10/10 14:36:52 | 000,034,730 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\270A881Ed01
[2010/10/10 14:36:52 | 000,032,787 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4C3F8B56d01
[2010/10/10 14:36:52 | 000,031,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\657D1763d01
[2010/10/10 14:36:52 | 000,017,379 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4288490Cd01
[2010/10/10 14:36:50 | 000,088,218 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6301EEDBd01
[2010/10/10 14:28:58 | 000,025,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\14E2B1D8d01
[2010/10/10 14:28:57 | 000,042,701 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F5AC40B0d01
[2010/10/10 14:28:55 | 000,021,584 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BE746817d01
[2010/10/10 14:28:53 | 000,034,485 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3320F7C4d01
[2010/10/10 14:28:50 | 000,035,763 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\2AF22BDEd01
[2010/10/10 14:28:48 | 000,022,678 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DC1DB316d01
[2010/10/10 14:28:47 | 000,045,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F7E418B0d01
[2010/10/10 14:28:40 | 000,060,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\250823E9d01
[2010/10/10 14:28:28 | 000,055,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\BAADDCFDd01
[2010/10/10 14:28:28 | 000,018,418 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DBC8DD79d01
[2010/10/10 14:28:24 | 000,017,487 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6869615Ed01
[2010/10/10 14:27:57 | 000,038,946 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E1BD981Cd01
[2010/10/10 14:27:47 | 000,033,828 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\097E58B2d01
[2010/10/10 14:27:31 | 000,021,388 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6869535Ed01
[2010/10/10 14:27:25 | 000,021,207 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6869515Ed01
[2010/10/10 14:27:17 | 000,021,327 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\6869665Ed01
[2010/10/10 14:27:16 | 000,043,219 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\64F1766Cd01
[2010/10/10 14:27:15 | 000,135,639 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\336234FFd01
[2010/10/10 14:27:11 | 000,019,741 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8E941880d01
[2010/10/10 14:27:09 | 000,032,012 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E0AF33B7d01
[2010/10/10 14:27:02 | 000,035,539 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B584D0B0d01
[2010/10/10 14:26:54 | 000,034,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\AF990584d01
[2010/10/10 14:26:51 | 000,019,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\4796DD37d01
[2010/10/10 14:26:50 | 000,147,661 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\37FA53A6d01
[2010/10/10 14:26:50 | 000,057,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\27150E87d01
[2010/10/10 14:26:49 | 000,040,935 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3909A8F5d01
[2010/10/10 14:26:48 | 000,033,678 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\090E58B2d01
[2010/10/10 14:26:46 | 000,027,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\06BB38C1d01
[2010/10/10 14:26:46 | 000,023,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\8409EB3Dd01
[2010/10/10 14:26:45 | 000,488,965 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\26DB063Dd01
[2010/10/10 14:26:45 | 000,029,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\54DBA8F4d01
[2010/10/10 14:26:45 | 000,020,297 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\161BA8FCd01
[2010/10/10 14:26:43 | 000,031,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\EDC81273d01
[2010/10/10 14:26:42 | 000,034,160 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CD181851d01
[2010/10/10 14:18:45 | 000,048,588 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\XUL.mfl
[2010/10/10 14:18:39 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D75DFDC1d01
[2010/10/10 13:09:59 | 000,016,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E2D1B742d01
[2010/10/10 13:09:58 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D75DF8C1d01
[2010/10/10 12:24:17 | 000,066,541 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\523C1183d01
[2010/10/10 12:24:08 | 000,021,715 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\52511183d01
[2010/10/10 12:23:51 | 000,033,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\52501183d01
[2010/10/10 12:23:44 | 000,018,781 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\52461183d01
[2010/10/10 12:23:39 | 000,040,149 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\F0920FABd01
[2010/10/10 12:23:34 | 000,035,899 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\234B06F1d01
[2010/10/10 12:23:10 | 000,062,999 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FA7C91AAd01
[2010/10/10 12:23:02 | 000,033,118 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\57C46313d01
[2010/10/10 12:22:53 | 000,036,064 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\105D09C7d01
[2010/10/10 12:11:46 | 000,031,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\75A97AAFd01
[2010/10/10 12:11:46 | 000,019,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7CE02616d01
[2010/10/10 12:11:45 | 000,022,622 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5F9659FEd01
[2010/10/10 12:11:44 | 000,199,801 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\560A9114d01
[2010/10/10 12:11:43 | 000,072,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3CC6FF20d01
[2010/10/10 12:11:43 | 000,031,544 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\830849E5d01
[2010/10/10 11:47:01 | 000,030,279 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3689F6D2d01
[2010/10/10 11:46:49 | 000,140,878 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5FAD1E82d01
[2010/10/10 11:30:17 | 000,025,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\7BD6A121d01
[2010/10/10 11:29:19 | 000,002,366 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\pluginreg.dat
[2010/10/10 11:14:02 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
[2010/10/10 11:14:01 | 011,171,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
[2010/10/10 11:14:01 | 005,310,681 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
[2010/10/10 11:14:01 | 003,360,418 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
[2010/10/10 11:14:01 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
[2010/10/10 11:14:01 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
[2010/10/10 11:14:01 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
[2010/10/10 11:14:01 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
[2010/10/10 11:13:15 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
[2010/10/10 11:13:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
[2010/10/10 11:13:11 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
[2010/10/10 11:13:06 | 000,573,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
[2010/10/10 11:13:06 | 000,119,528 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
[2010/10/10 11:13:01 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/10/10 11:13:00 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/10/10 11:12:44 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
[2010/10/10 11:12:44 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
[2010/10/10 11:12:44 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
[2010/10/10 11:12:44 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
[2010/10/10 11:12:44 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
[2010/10/10 11:12:44 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
[2010/10/10 11:12:44 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
[2010/10/10 11:12:44 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
[2010/10/10 11:12:44 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
[2010/10/10 11:12:44 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
[2010/10/10 11:12:44 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
[2010/10/10 11:12:44 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
[2010/10/10 11:12:44 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
[2010/10/10 11:12:44 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
[2010/10/10 11:12:44 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
[2010/10/10 11:12:44 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
[2010/10/10 11:12:44 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
[2010/10/10 11:12:44 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
[2010/10/10 11:12:44 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
[2010/10/10 11:12:44 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
[2010/10/10 11:12:44 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
[2010/10/10 11:12:44 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
[2010/10/10 11:12:44 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
[2010/10/10 11:12:44 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
[2010/10/10 11:12:44 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
[2010/10/10 11:12:44 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
[2010/10/10 11:12:44 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
[2010/10/10 11:12:44 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
[2010/10/10 11:12:44 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
[2010/10/10 11:12:44 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
[2010/10/10 11:12:44 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
[2010/10/10 11:12:44 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
[2010/10/10 11:12:44 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
[2010/10/10 11:12:44 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
[2010/10/10 11:12:44 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
[2010/10/10 11:12:44 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
[2010/10/10 11:12:44 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
[2010/10/10 11:12:44 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
[2010/10/10 11:12:44 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
[2010/10/10 11:12:44 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
[2010/10/10 11:12:44 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
[2010/10/10 11:12:44 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
[2010/10/10 11:12:44 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
[2010/10/10 11:12:44 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
[2010/10/10 11:12:44 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
[2010/10/10 11:12:44 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
[2010/10/10 11:12:44 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
[2010/10/10 11:12:44 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
[2010/10/10 11:12:44 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
[2010/10/10 11:12:44 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
[2010/10/10 11:12:44 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
[2010/10/10 11:12:44 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
[2010/10/10 11:12:44 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
[2010/10/10 11:12:44 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
[2010/10/10 11:12:44 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
[2010/10/10 11:12:44 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
[2010/10/10 11:12:44 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
[2010/10/10 11:12:44 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
[2010/10/10 11:12:44 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
[2010/10/10 11:12:44 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
[2010/10/10 11:12:44 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
[2010/10/10 11:12:44 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
[2010/10/10 11:12:44 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
[2010/10/10 11:12:44 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
[2010/10/10 11:12:44 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
[2010/10/10 11:12:44 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
[2010/10/10 11:12:44 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
[2010/10/10 11:12:44 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
[2010/10/10 11:12:44 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
[2010/10/10 11:12:44 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
[2010/10/10 11:12:44 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
[2010/10/10 11:12:44 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
[2010/10/10 11:12:44 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
[2010/10/10 11:12:44 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
[2010/10/10 11:12:44 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
[2010/10/10 11:12:44 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
[2010/10/10 11:12:44 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
[2010/10/10 11:12:44 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
[2010/10/10 11:12:44 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
[2010/10/10 11:12:44 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
[2010/10/10 11:12:44 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
[2010/10/10 11:12:44 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
[2010/10/10 11:12:44 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
[2010/10/10 11:12:44 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
[2010/10/10 11:12:44 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
[2010/10/10 11:12:44 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
[2010/10/10 11:12:44 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
[2010/10/10 11:12:44 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
[2010/10/10 11:12:44 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
[2010/10/10 11:12:44 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
[2010/10/10 11:12:44 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
[2010/10/10 11:12:44 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
[2010/10/10 11:12:44 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
[2010/10/10 11:12:44 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
[2010/10/10 11:12:44 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
[2010/10/10 11:12:44 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
[2010/10/10 11:12:44 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
[2010/10/10 11:12:44 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
[2010/10/10 11:12:44 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
[2010/10/10 11:12:44 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
[2010/10/10 11:12:44 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
[2010/10/10 11:12:44 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
[2010/10/10 11:12:44 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
[2010/10/10 11:12:44 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
[2010/10/10 11:12:44 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
[2010/10/10 11:12:44 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
[2010/10/10 11:12:44 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
[2010/10/10 11:12:44 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
[2010/10/10 11:12:44 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
[2010/10/10 11:12:44 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
[2010/10/10 11:12:44 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
[2010/10/10 11:12:44 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
[2010/10/10 11:12:44 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
[2010/10/10 11:12:44 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
[2010/10/10 11:12:44 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
[2010/10/10 11:12:44 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
[2010/10/10 11:12:44 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
[2010/10/10 11:12:44 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
[2010/10/10 11:12:44 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
[2010/10/10 11:12:44 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
[2010/10/10 11:12:44 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
[2010/10/10 11:12:44 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
[2010/10/10 11:12:44 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
[2010/10/10 11:12:44 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
[2010/10/10 11:12:44 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
[2010/10/10 11:12:44 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
[2010/10/10 11:12:44 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
[2010/10/10 11:12:44 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
[2010/10/10 11:12:44 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
[2010/10/10 11:12:44 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
[2010/10/10 11:12:44 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
[2010/10/10 11:12:44 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
[2010/10/10 11:12:44 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
[2010/10/10 11:12:44 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
[2010/10/10 11:12:44 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
[2010/10/10 11:12:44 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
[2010/10/10 11:12:44 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
[2010/10/10 11:12:44 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
[2010/10/10 11:12:44 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
[2010/10/10 11:12:44 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
[2010/10/10 11:12:44 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
[2010/10/10 11:12:44 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
[2010/10/10 11:12:44 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
[2010/10/10 11:12:44 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
[2010/10/10 11:12:44 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
[2010/10/10 11:12:44 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
[2010/10/10 11:12:44 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
[2010/10/10 11:12:44 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
[2010/10/10 11:12:43 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
[2010/10/10 11:12:43 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
[2010/10/10 11:12:43 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
[2010/10/10 11:12:43 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
[2010/10/10 11:12:43 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
[2010/10/10 11:12:43 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
[2010/10/10 11:12:43 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
[2010/10/10 11:12:43 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
[2010/10/10 11:12:43 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
[2010/10/10 11:12:43 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
[2010/10/10 11:12:43 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
[2010/10/10 11:12:43 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
[2010/10/10 11:12:43 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
[2010/10/10 11:12:43 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
[2010/10/10 11:12:43 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
[2010/10/10 11:12:43 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
[2010/10/10 11:12:43 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
[2010/10/10 11:12:43 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
[2010/10/10 11:12:43 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
[2010/10/10 11:12:43 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
[2010/10/10 11:12:43 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
[2010/10/10 11:12:43 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
[2010/10/10 11:12:43 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
[2010/10/10 11:12:43 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
[2010/10/10 11:12:43 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
[2010/10/10 11:12:43 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
[2010/10/10 11:12:43 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
[2010/10/10 11:12:43 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
[2010/10/10 11:12:43 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
[2010/10/10 11:12:43 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
[2010/10/10 11:12:43 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
[2010/10/10 11:12:43 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/10/10 11:12:43 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
[2010/10/10 11:12:43 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
[2010/10/10 11:12:43 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
[2010/10/10 11:12:43 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
[2010/10/10 11:12:43 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
[2010/10/10 11:12:43 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
[2010/10/10 11:12:43 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
[2010/10/10 11:12:43 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
[2010/10/10 11:12:43 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
[2010/10/10 11:12:43 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
[2010/10/10 11:12:43 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
[2010/10/10 11:12:43 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
[2010/10/10 11:12:43 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
[2010/10/10 11:12:43 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
[2010/10/10 11:12:43 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
[2010/10/10 11:12:43 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
[2010/10/10 11:12:43 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
[2010/10/10 11:12:43 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
[2010/10/10 11:12:43 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
[2010/10/10 11:12:43 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
[2010/10/10 11:12:43 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
[2010/10/10 11:12:43 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
[2010/10/10 11:12:43 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
[2010/10/10 11:12:43 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
[2010/10/10 11:12:43 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
[2010/10/10 11:12:43 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
[2010/10/10 11:12:43 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
[2010/10/10 11:12:43 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
[2010/10/10 11:12:43 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
[2010/10/10 11:12:43 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
[2010/10/10 11:12:43 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
[2010/10/10 11:12:43 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
[2010/10/10 11:12:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
[2010/10/10 11:12:43 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
[2010/10/10 11:12:43 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
[2010/10/10 11:12:43 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
[2010/10/10 11:12:43 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
[2010/10/10 11:12:42 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
[2010/10/10 11:12:42 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
[2010/10/10 11:12:42 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
[2010/10/10 11:12:42 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
[2010/10/10 11:12:42 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
[2010/10/10 11:12:42 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
[2010/10/10 11:12:42 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
[2010/10/10 11:12:42 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
[2010/10/10 11:12:42 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
[2010/10/10 11:12:42 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
[2010/10/10 11:12:42 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
[2010/10/10 11:12:42 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
[2010/10/10 11:12:42 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
[2010/10/10 11:12:42 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
[2010/10/10 11:12:42 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
[2010/10/10 11:12:42 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
[2010/10/10 11:12:42 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
[2010/10/10 11:12:42 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
[2010/10/10 11:12:42 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
[2010/10/10 11:12:42 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
[2010/10/10 11:12:42 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
[2010/10/10 11:12:42 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
[2010/10/10 11:12:42 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
[2010/10/10 11:12:42 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
[2010/10/10 11:12:42 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
[2010/10/10 11:12:42 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
[2010/10/10 11:12:41 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
[2010/10/10 11:12:41 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
[2010/10/10 11:12:41 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
[2010/10/10 11:12:41 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
[2010/10/10 11:12:41 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
[2010/10/10 11:12:41 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
[2010/10/10 11:12:41 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/10/10 11:12:41 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
[2010/10/10 11:12:41 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
[2010/10/10 11:12:41 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
[2010/10/10 11:12:41 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
[2010/10/10 11:12:41 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
[2010/10/10 11:12:41 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
[2010/10/10 11:12:41 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
[2010/10/10 11:12:41 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
[2010/10/10 11:12:41 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
[2010/10/10 11:12:41 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
[2010/10/10 11:12:41 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
[2010/10/10 11:12:41 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
[2010/10/10 11:12:41 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
[2010/10/10 11:12:41 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
[2010/10/10 11:12:41 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
[2010/10/10 11:12:41 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
[2010/10/10 11:12:41 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
[2010/10/10 11:12:40 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
[2010/10/10 11:12:39 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
[2010/10/10 11:12:39 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
[2010/10/09 10:23:08 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 23:59:17 | 000,002,051 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures The Monkey King.lnk
[2010/10/08 23:58:41 | 000,002,069 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Astounding Planet.lnk
[2010/10/08 23:58:08 | 000,002,114 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Fractured Fairytales.lnk
[2010/10/08 23:57:28 | 000,001,848 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Vol.2.lnk
[2010/10/08 23:56:24 | 000,002,072 | ---- | C] () -- C:\Users\Her\Desktop\Bookworm Adventures Deluxe.lnk
[2010/10/01 16:51:58 | 000,001,075 | ---- | C] () -- C:\Users\Her\Desktop\Farm Frenzy Gone Fishing.lnk
[2010/10/01 08:42:10 | 000,003,234 | ---- | C] () -- C:\Users\Her\Documents\Attach.zip
[2010/10/01 08:01:32 | 000,000,943 | ---- | C] () -- C:\Users\Her\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 08:00:55 | 000,000,763 | ---- | C] () -- C:\Users\Her\Desktop\NTREGOPT.lnk
[2010/10/01 08:00:55 | 000,000,744 | ---- | C] () -- C:\Users\Her\Desktop\ERUNT.lnk
[2010/09/30 23:54:12 | 490,835,375 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/23 17:07:46 | 000,003,347 | ---- | C] () -- C:\Users\Her\.recently-used.xbel
[2010/09/21 01:22:01 | 000,016,384 | -HS- | C] () -- C:\Windows\SysWow64\drivers\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
[2010/09/21 01:21:30 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/21 01:20:50 | 000,004,286 | ---- | C] () -- C:\Windows\SysWow64\ico.ico
[2010/09/21 01:17:44 | 000,001,738 | ---- | C] () -- C:\Users\Her\Desktop\Alawar Games.lnk
[2010/09/18 15:49:19 | 000,000,945 | ---- | C] () -- C:\Users\Her\Desktop\Farmers Market.lnk
[2010/09/16 10:34:30 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/09/16 10:34:29 | 000,000,996 | ---- | C] () -- C:\Users\Her\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/15 16:15:11 | 000,001,868 | ---- | C] () -- C:\Users\Her\Desktop\Fishdom (2).lnk
[2010/09/15 16:10:46 | 000,001,043 | ---- | C] () -- C:\Users\Her\Desktop\Fishdom H2O Hidden Odyssey.lnk
[2010/09/02 10:19:45 | 000,001,404 | ---- | C] () -- C:\Users\Her\AppData\Roaming\wklnhst.dat
[2010/07/25 17:25:15 | 000,000,680 | ---- | C] () -- C:\Users\Her\AppData\Local\d3d9caps.dat
[2010/05/29 03:12:14 | 136,233,564 | ---- | C] () -- C:\Users\Her\AppData\Roaming\The_Heritage_V1.0.4.0.exe
[2010/05/23 22:20:55 | 000,000,306 | ---- | C] () -- C:\Users\Her\AppData\Roaming\bbbconfig.dat
[2010/04/03 16:22:08 | 000,001,041 | ---- | C] () -- C:\Users\Her\AppData\Roaming\vso_ts_preview.xml
[2010/04/03 16:21:22 | 000,000,034 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.log
[2010/04/03 16:19:59 | 000,099,384 | ---- | C] () -- C:\Users\Her\AppData\Roaming\inst.exe
[2010/04/03 16:19:59 | 000,007,859 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.cat
[2010/04/03 16:19:59 | 000,001,167 | ---- | C] () -- C:\Users\Her\AppData\Roaming\pcouffin.inf
[2010/04/03 13:04:22 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/04/03 13:04:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/04/03 13:04:18 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/03 13:04:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/03 13:04:17 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010/04/03 13:04:13 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/04/03 13:04:11 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/03 12:55:08 | 000,132,608 | ---- | C] () -- C:\Users\Her\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 02:13:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/03/15 02:12:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/03/11 15:35:41 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/11 15:35:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/11 15:34:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/11 15:34:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/11 15:32:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\QSwitch.txt
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\DSwitch.txt
[2010/03/11 02:06:02 | 000,000,000 | ---- | C] () -- C:\Users\Her\AppData\Local\AtStart.txt
[2010/03/11 02:06:01 | 000,000,187 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\Windows\SysWow64\MemWarp.dll
[2009/04/08 05:00:37 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/08 04:52:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/08 04:49:44 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/08 04:47:54 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:BFC41B39
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1023D41
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:2E224648
< End of report >

ken545
2010-10-11, 19:15
Thanks for the log


Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.
Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/OTMdesktopicon.png icon on your desktop.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area.
Do not include the word "Code".



:Processes
explorer.exe

:Services
safesurf
JetSwap

:Reg

:Files
C:\Windows\SysWow64\drivers\safesurf.exe


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/results.png line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Magnus_Rexel
2010-10-11, 21:29
Here is the OTM log.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named safesurf was found to stop!
Service\Driver key safesurf not found.
Error: No service named JetSwap was found to stop!
Service\Driver key JetSwap not found.
========== REGISTRY ==========
========== FILES ==========
C:\Windows\SysWow64\drivers\safesurf.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Her
->Temp folder emptied: 32237 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43070119 bytes
->Flash cache emptied: 867 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91454406 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 180537 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 109274 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129.00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 10112010_123154

Files moved on Reboot...
C:\Users\Her\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

ken545
2010-10-12, 00:21
Hi,

I am not convinced its totally gone.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic





Then run this scanner, it wont take long at all

Download OTS.exe (http://oldtimer.geekstogo.com/OTS.exe) by OldTimer to your Desktop.
Close any open browsers.
Double-click on OTS.exe to start the program.
Leave all settings as they appear as default, except for the following:
Under Drivers, select "All".
Under Additional Scans, click on the "Extra" button.

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).

Magnus_Rexel
2010-10-12, 06:49
ESET found 5 infected files. 4 were in the OTL moved files and one was c:\windows\system32\upn.exe

Here is the log from ESET. I hope this is what you wanted cause it seems a bit short to me.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Here is the log from the OTS scan:

ken545
2010-10-12, 13:57
Hi,

I am looking over your log , be back soon

ken545
2010-10-12, 14:26
Start OTS.

Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.



[Unregister Dlls]
[Registry - Safe List]
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
YY -> \List\\"" -> C:\windows\system32\drivers\safesurf.exe [C:\\windows\\system32\\drivers\\safesurf.exe:*:Enabled:Updater Service]
YY -> \List\\"C:\Windows\system32\system\svchost.exe" -> C:\Windows\SysNative\system\svchost.exe [C:\Windows\system32\system\svchost.exe:*:Enabled:Updater Service]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "" -> C:\windows\system32\drivers\safesurf.exe [C:\\windows\\system32\\drivers\\safesurf.exe:*:Enabled:Updater Service]
YY -> "C:\Windows\system32\system\svchost.exe" -> C:\Windows\SysWow64\system\svchost.exe [C:\Windows\system32\system\svchost.exe:*:Enabled:Updater Service]
[Files/Folders - Created Within 30 Days]
NY -> safesurf.exe -> C:\Windows\SysWow64\drivers\safesurf.exe
[Files/Folders - Modified Within 30 Days]
NY -> safesurf.exe -> C:\Windows\SysWow64\drivers\safesurf.exe
[Alternate Data Streams]
NY -> @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:2E224648
NY -> @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1023D41
NY -> @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:BFC41B39



The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

Magnus_Rexel
2010-10-12, 16:39
OTS log:

[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\\\List"" not found.
C:\windows\system32\drivers\safesurf.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\\\List"C:\Windows\system32\system\svchost.exe" not found.
File C:\Windows\SysNative\system\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\ deleted successfully.
File C:\windows\system32\drivers\safesurf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\system32\system\svchost.exe deleted successfully.
File C:\Windows\SysWow64\system\svchost.exe not found.
[Files/Folders - Created Within 30 Days]
File C:\Windows\SysWow64\drivers\safesurf.exe not found!
[Files/Folders - Modified Within 30 Days]
File C:\Windows\SysWow64\drivers\safesurf.exe not found!
[Alternate Data Streams]
ADS C:\ProgramData\Temp:2E224648 deleted successfully.
ADS C:\ProgramData\Temp:A1023D41 deleted successfully.
ADS C:\ProgramData\Temp:BFC41B39 deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.38.1 fix logfile created on 10122010_093620

ken545
2010-10-12, 19:19
Hi,

Run OTS again, no fix this time , I just want to see a clean new report please

Magnus_Rexel
2010-10-12, 23:52
OTS log:

ken545
2010-10-13, 02:51
Looks like its gone, how are things running now ?

Magnus_Rexel
2010-10-13, 05:05
seems ok, but give me at least 24 hours to observe my system and see if I get any odd pop-up warnings or any odd behavior.

I did notice in that c:\windows\syswow64\drivers\f folder there are 2 files. One is called Jet and it is an app and the other is called sfa and it is a txt.

If you think we need to deal with these as they may be related to the jetswap and safesurf stuff let me know. I will check back in the morning after some observation.

Thanks so much for your help. It was very good. Straight and to the point and it got results. :thanks:

I'll check in the morning and see if you have a reply. If not I will post again in about 24 hours from now and confirm if my system is clean and back to normal.

ken545
2010-10-13, 11:27
Hi,

You can open that SFA file and see what it is, it maybe related to some games you installed.



You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again


C:\Windows\SysWow64\drivers\f\jet.exe

If the site is busy you can try this one

http://virusscan.jotti.org/en

Magnus_Rexel
2010-10-13, 15:48
Here is the VirusTotal results:

Antivirus Version Last Update Result
AhnLab-V3 2010.10.13.01 2010.10.13 -
AntiVir 7.10.12.196 2010.10.13 -
Antiy-AVL 2.0.3.7 2010.10.13 -
Authentium 5.2.0.5 2010.10.13 -
Avast 4.8.1351.0 2010.10.13 -
Avast5 5.0.594.0 2010.10.13 -
AVG 9.0.0.851 2010.10.13 -
BitDefender 7.2 2010.10.13 -
CAT-QuickHeal 11.00 2010.10.13 -
ClamAV 0.96.2.0-git 2010.10.13 -
Comodo 6376 2010.10.13 -
DrWeb 5.0.2.03300 2010.10.13 -
Emsisoft 5.0.0.50 2010.10.13 -
eTrust-Vet 36.1.7908 2010.10.13 -
F-Prot 4.6.2.117 2010.10.12 -
Fortinet 4.2.249.0 2010.10.13 -
GData 21 2010.10.13 -
Ikarus T3.1.1.90.0 2010.10.13 -
Jiangmin 13.0.900 2010.10.13 -
K7AntiVirus 9.65.2733 2010.10.12 -
Kaspersky 7.0.0.125 2010.10.13 -
McAfee 5.400.0.1158 2010.10.13 -
McAfee-GW-Edition 2010.1C 2010.10.13 -
Microsoft 1.6201 2010.10.13 -
NOD32 5527 2010.10.13 -
Norman 6.06.07 2010.10.12 -
nProtect 2010-10-13.01 2010.10.13 -
Panda 10.0.2.7 2010.10.12 -
PCTools 7.0.3.5 2010.10.13 -
Prevx 3.0 2010.10.13 -
Rising 22.69.02.04 2010.10.13 -
Sophos 4.58.0 2010.10.13 -
Sunbelt 7048 2010.10.13 -
SUPERAntiSpyware 4.40.0.1006 2010.10.13 -
Symantec 20101.2.0.161 2010.10.13 WS.Reputation.1
TheHacker 6.7.0.1.056 2010.10.13 -
TrendMicro 9.120.0.1004 2010.10.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.13 -
VBA32 3.12.14.1 2010.10.13 -
ViRobot 2010.9.25.4060 2010.10.13 -
VirusBuster 12.67.14.0 2010.10.12 -
Additional information
Show all
MD5 : 6282da97178f2112b74b4a4a60e80ce6
SHA1 : c1bbbe736d4571a95df41d169eb73fe1de294a00
SHA256: e7cc335432f36a6cd6f46ffeff8f9a40cdd864a165e5604fc505ad009dfd8470
ssdeep: 196608:eQm77vDObREIXome180a3o87bj0mDFeMj6gpjRMmbscXF0ADDyIM3xJckCiY:eQmnvDA
EIYNE3o8PBPugR+mJ10kDx/
File size : 9655677 bytes
First seen: 2010-09-06 00:25:21
Last seen : 2010-10-13 12:31:35
TrID:
WinRAR Self Extracting archive (95.7%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Win32 Executable Watcom C++ (generic) (0.4%)
Generic Win/DOS Executable (0.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): RAR, UTF-8, SFX
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x48CFC008 (Tue Sep 16 14:17:44 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x14000, 0x13A00, 6.48, d9c3b0b82d7da6d18b0896fb360cea84
.data, 0x15000, 0x8000, 0xA00, 4.93, 568dd221456d807ca821813c84d65e70
.idata, 0x1D000, 0x2000, 0x1200, 4.79, bc7806e1c1ce9ebfd00ad834c1f7a647
.rsrc, 0x1F000, 0x4000, 0x3C00, 5.04, 3c8f0ed4321b54bfacbe419b46569c90

[[ 8 import(s) ]]
ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetSystemTime, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
COMCTL32.DLL: -
COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
GDI32.DLL: DeleteObject
SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize
ExifTool:
file metadata
CodeSize: 81920
EntryPoint: 0x1000
FileSize: 9.2 MB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 32768
LinkerVersion: 5.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:09:16 16:17:44+02:00
UninitializedDataSize: 0

ken545
2010-10-13, 19:15
Appears that file is ok

Magnus_Rexel
2010-10-14, 00:43
Well if that file is OK and everything else looks OK to you and my system and AV aren't giving me pop-up warnings I guess we are finished here.

Thanks so much for all the help and excellent work. I appreciate all your time and effort. :2thumb:

ken545
2010-10-14, 00:52
Your very welcome :)

You can open up OTL and click on the Cleanup Feature and it will remove some of the tools we used to clean your system along with any backups they may have created.


System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.






How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

ken545
2010-11-01, 10:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.