Jump to content

Win32 Bamital AO Trojan infected explorer.exe

sknois7

By sknois7
in Resolved Malware Removal Logs

 Share

Recommended Posts

sknois7

sknois7

Posted
Posted

Hello, I've recently had a virus infect my laptop. At first the icons in system tray weren't showing up right. Programs that would usually show up there stopped showing, and there would be duplicate icons of other programs. Then I kept getting Windows Explorer is restarting errors constantly. Now I can't even get the desktop to load normally, I'll enter my password for windows and then it'll just show my wallpaper but no icons will ever load, from there I can still open task manager and boot under safe mode, which is how I'm typing this now. And for awhile my first search result in Google has been going to something other than the site it's supposed to but I wasn't sure it was an infection as I regularly do scans and usually come up with nothing. A full system scan with Malware Bytes finds nothing. A scan with Avast finds 3 entries of what it called Win32 Bamital AO trojan infection, including in explorer.exe and 2 other entries, 1 of which was something in SysWOW64 directory. Avast was unable to repair, move, or delete any of the entries, so I'm looking for help on getting rid of this.

Here is my DDS.txt log, other logs are attached:

DDS (Ver_10-11-27.01) - NTFS_AMD64 NETWORK

Run by at 1:43:37.99 on Mon 11/29/2010

Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_13

Microsoft

attach.zip

Link to post
Share on other sites
Gammo

Gammo

Posted
Posted

Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Link to post
Share on other sites
sknois7

sknois7

Posted
  • Author
Posted

Thanks for your response. I did the scan as you said, and the logs are below...I thought I should mention that I attempted a system restore from a few days ago when I could still boot into normal windows, and not safe mode, and I am now back into normal boot mode, and not safe mode, though still seeing the same symptoms of the problem as I described.

Here is the OTL.txt:

OTL logfile created on: 12/1/2010 7:24:23 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ian\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 144.04 Gb Total Space | 15.43 Gb Free Space | 10.71% Space Free | Partition Type: NTFS

Drive D: | 144.04 Gb Total Space | 10.95 Gb Free Space | 7.60% Space Free | Partition Type: NTFS

Drive F: | 232.83 Gb Total Space | 10.96 Gb Free Space | 4.71% Space Free | Partition Type: FAT32

Drive H: | 931.28 Gb Total Space | 64.17 Gb Free Space | 6.89% Space Free | Partition Type: FAT32

Computer Name: IL | User Name: Ian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\StkCSrv.exe

PRC - [2010/12/01 19:20:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe

PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe

PRC - [2009/09/22 14:09:02 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe

PRC - [2009/05/29 23:03:19 | 000,296,960 | ---- | M] () -- C:\Users\Ian\Documents\NetMeter114beta_4.exe

PRC - [2009/02/19 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2009/02/05 15:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/02/05 15:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009/02/05 15:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/07/20 20:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

========== Modules (SafeList) ==========

MOD - [2010/12/01 19:20:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe

MOD - [2010/11/30 21:08:45 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Users\Ian\AppData\Local\FLVService\lib\FLVSrvLib.dll

MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2009/11/28 19:57:59 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985

d\msvcr80.dll

MOD - [2009/02/19 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll

MOD - [2009/02/19 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)

SRV:64bit: - [2009/02/18 23:39:26 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/02/05 15:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV:64bit: - [2009/02/05 15:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV:64bit: - [2009/02/05 15:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV:64bit: - [2009/02/05 15:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/10/18 01:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)

SRV:64bit: - [2007/02/12 10:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)

SRV - [2010/03/07 07:54:10 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)

SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009/07/16 18:16:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/17 10:51:58 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/06/12 19:42:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2009/02/05 15:07:17 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2009/02/05 15:07:07 | 000,064,592 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2008/12/18 22:47:30 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)

DRV:64bit: - [2008/12/18 22:47:18 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2008/12/18 22:47:10 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2008/09/18 02:15:28 | 000,325,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2008/09/12 13:21:38 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)

DRV:64bit: - [2008/09/12 13:21:00 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)

DRV:64bit: - [2008/08/14 05:38:48 | 001,148,416 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2008/07/20 20:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/07/10 21:29:08 | 007,912,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/06/29 16:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/06/26 19:24:20 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2008/06/11 20:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)

DRV:64bit: - [2008/05/12 23:48:38 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)

DRV:64bit: - [2008/04/27 17:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®

DRV:64bit: - [2008/04/17 12:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/03/21 12:48:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\oem\int15\int15.sys -- (int15.sys)

DRV:64bit: - [2008/02/21 13:55:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)

DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/11/01 04:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2007/11/01 04:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2007/11/01 04:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/10/18 01:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)

DRV:64bit: - [2007/06/28 10:45:26 | 000,632,704 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\StkCMini.sys -- (StkCMini)

DRV:64bit: - [2007/06/22 16:59:50 | 000,077,824 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)

DRV:64bit: - [2007/04/26 04:38:44 | 000,305,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...9&m=m-7301u

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...9&m=m-7301u

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...9&m=m-7301u

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.0.3

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {83BF9EF9-36F6-49C5-B7D5-A3C8F22C40BE}:1.9.1

FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/02/02 13:23:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{83BF9EF9-36F6-49C5-B7D5-A3C8F22C40BE}: C:\Users\Ian\AppData\Local\{83BF9EF9-36F6-49C5-B7D5-A3C8F22C40BE}\ [2010/05/31 18:46:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/03 07:10:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 21:02:14 | 000,000,000 | ---D | M]

[2009/10/20 07:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Extensions

[2009/10/20 07:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/11/30 21:14:46 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions

[2010/06/25 07:10:56 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}

[2009/12/07 18:28:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/08/09 22:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010/11/18 17:30:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/06/25 07:10:44 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

[2010/11/18 17:30:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/06/25 07:10:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009/07/05 16:06:25 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}

[2010/10/09 10:43:08 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\fblayouts@hotlayouts2u.com

[2010/11/18 17:30:45 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\personas@christopher.beard

[2009/12/29 03:16:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\extensions\searchrecs@veoh.com

[2009/03/23 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\bookmarkbackups\extensions

[2009/03/23 02:14:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\enuvtn5c.default\bookmarkbackups\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/11/30 21:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/22 11:26:22 | 000,051,039 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 applian.securesites.com

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (FBLayouts Plugin) - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files (x86)\FBLayouts\fblayouts.dll (HotLayouts2U)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2459022056-3700178970-410671791-1001..\Run: [NetMeter] C:\Users\Ian\Documents\NetMeter114beta_4.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Ian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\..Trusted Domains: moove.com ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\Users\Ian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Ian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/12/16 22:17:56 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]

O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - F:\autorun.in_2.org -- [ FAT32 ]

O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2009/02/21 17:32:32 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]

O33 - MountPoints2\{67939b74-c0fe-11df-b980-00e0b8ee0dbf}\Shell\Auto\command - "" = G:\launcher.exe -- File not found

O33 - MountPoints2\{aeea1a81-9ef3-11de-870b-00e0b8ee0dbf}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)

O33 - MountPoints2\{b2539139-3e78-11de-9223-00e0b8ee0dbf}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2459022056-3700178970-410671791-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

Drivers32:64bit: msacm.ac3acm - AC3ACM.acm (fccHandler)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.XVID - xvidvfw.dll ()

Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)

Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 19:20:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe

[2010/11/29 01:26:37 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Avira

[2010/11/29 01:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/11/29 01:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/11/27 13:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010/11/25 07:51:45 | 000,089,680 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2010/11/25 07:51:45 | 000,027,216 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2010/11/25 07:51:45 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2010/11/25 07:51:44 | 000,064,592 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2010/11/25 07:51:44 | 000,058,448 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2010/11/25 07:51:01 | 001,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe

[2010/11/25 07:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/11/21 16:56:25 | 000,237,568 | ---- | C] (moove (www.moove.com)) -- C:\Windows\SysWow64\demoover.exe

[2010/11/21 16:56:25 | 000,082,896 | ---- | C] (moove (www.moove.com)) -- C:\Windows\SysWow64\KickCom2.dll

[2010/11/21 16:56:03 | 000,000,000 | ---D | C] -- C:\moove

[2010/11/17 14:02:11 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2010/11/05 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\melissa

[2009/06/12 19:42:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Ian\AppData\Roaming\pcouffin.sys

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 19:20:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe

[2010/12/01 19:20:40 | 000,709,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/12/01 19:20:40 | 000,608,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/12/01 19:20:40 | 000,105,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/12/01 19:08:26 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/01 19:08:26 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/01 18:50:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/01 13:53:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/12/01 00:50:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/30 21:08:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2010/11/30 21:08:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/30 21:08:15 | 3146,690,560 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/29 02:44:32 | 000,001,356 | ---- | M] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat

[2010/11/29 02:43:38 | 000,002,464 | ---- | M] () -- C:\Users\Ian\Desktop\attach.zip

[2010/11/28 17:29:43 | 618,837,006 | ---- | M] () -- C:\Users\Ian\Desktop\Part2.avi

[2010/11/28 14:45:58 | 862,484,480 | ---- | M] () -- C:\Users\Ian\Desktop\Part1.avi

[2010/11/24 16:29:37 | 000,199,168 | ---- | M] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/19 18:05:40 | 000,010,971 | -HS- | M] () -- C:\Users\Ian\Desktop\Folder.jpg

[2010/11/19 18:05:40 | 000,002,558 | -HS- | M] () -- C:\Users\Ian\Desktop\AlbumArtSmall.jpg

[2010/11/18 18:39:14 | 094,799,634 | ---- | M] () -- C:\Users\Ian\Desktop\Blood Bros_ First Blood.mp3

[2010/11/13 18:09:03 | 734,185,472 | ---- | M] () -- C:\Users\Ian\Desktop\www.scene-ddl.com_dmd-ts3.avi

[2010/11/12 17:44:36 | 735,913,984 | ---- | M] () -- C:\Users\Ian\Desktop\The.Road.2009.DvDrip-aXXo.avi

[2010/11/12 16:40:39 | 000,431,372 | ---- | M] () -- C:\Users\Ian\Documents\bookmarksbackupnov2010.html

[2010/11/03 11:54:06 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\VLC.lnk

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/30 21:08:15 | 3146,690,560 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/29 02:43:38 | 000,002,464 | ---- | C] () -- C:\Users\Ian\Desktop\attach.zip

[2010/11/28 17:15:50 | 618,837,006 | ---- | C] () -- C:\Users\Ian\Desktop\Part2.avi

[2010/11/28 13:59:05 | 862,484,480 | ---- | C] () -- C:\Users\Ian\Desktop\Part1.avi

[2010/11/25 07:51:14 | 000,434,824 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistMSI7CF7.txt

[2010/11/25 07:51:11 | 000,011,670 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistUI7CF7.txt

[2010/11/21 16:56:26 | 000,091,072 | ---- | C] () -- C:\Windows\SysWow64\RoseCo2.dll

[2010/11/21 16:56:03 | 000,003,310 | ---- | C] () -- C:\Windows\SysWow64\advanced.ico

[2010/11/21 16:56:03 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\rosewaste.ico

[2010/11/19 18:05:40 | 000,010,971 | -HS- | C] () -- C:\Users\Ian\Desktop\Folder.jpg

[2010/11/19 18:05:40 | 000,002,558 | -HS- | C] () -- C:\Users\Ian\Desktop\AlbumArtSmall.jpg

[2010/11/18 18:38:02 | 094,799,634 | ---- | C] () -- C:\Users\Ian\Desktop\Blood Bros_ First Blood.mp3

[2010/11/13 17:30:30 | 734,185,472 | ---- | C] () -- C:\Users\Ian\Desktop\www.scene-ddl.com_dmd-ts3.avi

[2010/11/12 17:16:23 | 735,913,984 | ---- | C] () -- C:\Users\Ian\Desktop\The.Road.2009.DvDrip-aXXo.avi

[2010/11/12 16:40:38 | 000,431,372 | ---- | C] () -- C:\Users\Ian\Documents\bookmarksbackupnov2010.html

[2010/11/03 11:54:06 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC.lnk

[2010/08/09 01:01:33 | 000,229,660 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_ATL90SP1_KB973924MSI4D0E.txt

[2010/08/09 01:01:31 | 000,011,696 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_ATL90SP1_KB973924UI4D0E.txt

[2010/07/17 15:29:59 | 000,001,356 | ---- | C] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat

[2010/07/11 03:53:03 | 000,360,278 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistMSI7675.txt

[2010/07/11 03:53:01 | 000,011,198 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistUI7675.txt

[2010/07/10 23:10:22 | 000,359,304 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistMSI1E1D.txt

[2010/07/10 23:10:21 | 000,011,118 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistUI1E1D.txt

[2010/05/31 18:46:55 | 000,000,120 | ---- | C] () -- C:\Users\Ian\AppData\Local\Icufodoru.dat

[2010/05/31 18:46:55 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Local\Jzikeciluvunebu.bin

[2010/05/12 12:23:07 | 000,422,782 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistMSI2CE2.txt

[2010/05/12 12:23:06 | 000,012,190 | ---- | C] () -- C:\Users\Ian\AppData\Local\dd_vcredistUI2CE2.txt

[2010/04/10 14:16:32 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/04/10 14:16:32 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/02/01 15:56:04 | 000,009,668 | -HS- | C] () -- C:\Users\Ian\AppData\Local\3067W2i6Qn

[2010/01/28 09:30:38 | 000,199,168 | ---- | C] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/27 08:03:09 | 000,011,006 | -HS- | C] () -- C:\Users\Ian\AppData\Local\WRblt8464P

[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2009/10/07 21:42:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\mpglib.dll

[2009/07/05 12:18:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/06/20 22:18:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/06/20 22:14:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/12 19:45:51 | 000,000,671 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\vso_ts_preview.xml

[2009/06/12 19:44:40 | 000,000,034 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\pcouffin.log

[2009/06/12 19:42:36 | 000,099,384 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\inst.exe

[2009/06/12 19:42:36 | 000,007,859 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\pcouffin.cat

[2009/06/12 19:42:36 | 000,001,167 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\pcouffin.inf

[2009/06/11 17:10:22 | 000,001,610 | ---- | C] () -- C:\Windows\TVEpaDrv.ini

[2009/04/23 18:08:38 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll

[2009/04/13 12:05:45 | 000,000,000 | ---- | C] () -- C:\Windows\cdplayer.ini

[2009/04/12 14:55:54 | 000,000,571 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\AutoGK.ini

[2009/03/29 10:56:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/03/28 23:21:28 | 000,007,340 | ---- | C] () -- C:\Users\Ian\AppData\Local\d3d9caps64.dat

[2009/03/25 21:40:00 | 000,000,276 | ---- | C] () -- C:\Windows\wininit.ini

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007/09/04 10:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2009/07/31 09:34:35 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Aisle 5 Games, Inc

[2009/10/07 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\AVCWare Studio

[2009/05/03 14:18:13 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\avidemux

[2010/09/29 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Coby

[2010/09/29 17:45:43 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Coby Media Manager

[2010/07/05 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\DonationCoder

[2010/08/09 22:52:43 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/06/12 12:05:30 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Facebook

[2009/06/05 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\HandBrake

[2010/03/17 19:11:06 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\ImgBurn

[2010/05/03 06:47:39 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Imprudence

[2009/04/10 06:16:30 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Ludia

[2009/04/10 06:27:58 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\My Games

[2010/11/30 21:06:28 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\NetMeter

[2010/10/08 18:43:36 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Orbit

[2010/06/12 17:14:16 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Outertech

[2009/04/10 06:38:34 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\PlayFirst

[2009/07/25 20:09:35 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\PoBros

[2009/07/29 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Reflexivev1002

[2010/09/09 10:36:38 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SecondLife

[2010/07/13 13:25:46 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SPORE

[2009/07/23 18:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\The Creative Assembly

[2009/04/17 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Ulead Systems

[2009/07/03 10:33:21 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\URSoft

[2010/02/27 15:43:30 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Vso

[2009/03/22 23:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\WildTangent

[2009/07/05 08:47:56 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\WinPatrol

[2010/07/10 23:36:51 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Worldwinner

[2010/01/02 09:09:02 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Xi

[2010/11/24 22:39:37 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/08/19 06:52:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2009/07/05 09:18:03 | 001,786,546 | ---- | M] () -- C:\caisslog.txt

[2010/11/30 21:08:15 | 3146,690,560 | -HS- | M] () -- C:\hiberfil.sys

[2008/08/19 06:56:49 | 000,000,165 | ---- | M] () -- C:\Labelprint.log

[2010/11/30 21:08:10 | 3460,427,776 | -HS- | M] () -- C:\pagefile.sys

[2009/01/12 16:02:28 | 000,000,163 | ---- | M] () -- C:\power2go.log

[2010/08/08 10:38:17 | 000,000,266 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< MD5 for: EXPLORER.EXE >

[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=A9B42FC18B53B08BC31E124F4F3EA750 -- C:\Windows\explorer.exe

[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:5CF3BE26BFE3A219

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:42C1964D

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B3D74A13

< End of report >

And here is Extras.txt:

OTL Extras logfile created on: 12/1/2010 7:24:24 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ian\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 144.04 Gb Total Space | 15.43 Gb Free Space | 10.71% Space Free | Partition Type: NTFS

Drive D: | 144.04 Gb Total Space | 10.95 Gb Free Space | 7.60% Space Free | Partition Type: NTFS

Drive F: | 232.83 Gb Total Space | 10.96 Gb Free Space | 4.71% Space Free | Partition Type: FAT32

Drive H: | 931.28 Gb Total Space | 64.17 Gb Free Space | 6.89% Space Free | Partition Type: FAT32

Computer Name: IL | User Name: Ian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.ini[@ = GetDiz.Document] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.ini [@ = GetDiz.Document] -- C:\Program Files (x86)\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_USERS\S-1-5-21-2459022056-3700178970-410671791-1001\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 1

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 4B 8E 78 5B 75 F2 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2459022056-3700178970-410671791-1001]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0FD6D274-F7A5-47EF-AF65-8E019CF9742B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{170B602C-6CDB-456B-B27B-EAFF6F812CCE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{18C1052E-F674-452F-AC22-BED7CB687EDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{4BFA9081-7A29-478B-BB2D-C162687DA32B}" = lport=445 | protocol=6 | dir=in | app=system |

"{72E43BB1-641E-4BE5-964C-19EC6B4CF470}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{754278CB-96BC-47D5-967E-3DC69EFC4347}" = rport=138 | protocol=17 | dir=out | app=system |

"{879ACBE8-52E7-4AF3-862A-6B01D5270717}" = lport=139 | protocol=6 | dir=in | app=system |

"{981025BA-6F4F-4E8A-A496-8FD39B6D359B}" = lport=138 | protocol=17 | dir=in | app=system |

"{A50586E3-D80A-4D67-BD64-89D6AFE93558}" = lport=137 | protocol=17 | dir=in | app=system |

"{AD70B8B0-0C03-4B0A-8AB9-B4ACB3CC2223}" = rport=137 | protocol=17 | dir=out | app=system |

"{BAEDE7EF-6FA6-49C8-9309-C737C4FF7519}" = rport=445 | protocol=6 | dir=out | app=system |

"{E17F5F98-6964-4F18-94C4-51556FA091E9}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D7657A9-FF99-4D41-9486-C2D29F27CFCC}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{0EBF6D48-35E5-4FF1-80A2-53F851FF63E5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{2744A9C9-B066-42C8-AA35-D9D027BCECB7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{29B3DA1A-6CDD-440F-AB83-55DF906047BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{39900E8A-7424-402F-B3E9-52FFD78FCC6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\killerklownfromouterspace\team fortress classic\hl.exe |

"{42906868-18DF-4514-96FB-16DFA342F078}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{615E62E8-BF80-479C-B93E-EB054D2027F0}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |

"{63F49934-8326-4AF2-9F78-FF124BD36851}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |

"{6E54B13F-5BA5-40A0-9347-898B6D52E656}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\killerklownfromouterspace\team fortress classic\hl.exe |

"{7C7AB233-5078-4724-9BE1-4512263999DD}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |

"{7FA6279E-61F5-4C4D-9047-6B90A5795B11}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |

"{83C5DF9B-71DB-42DB-921A-4F2E2B38BC94}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |

"{83DF7E6B-48B0-47C2-8036-175830F1BB4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8480BF6F-467D-4D5F-A6F2-45A7295B0ED9}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{8B6BDC6C-0510-48C6-992A-373B97BAB541}" = protocol=17 | dir=in | app=c:\windows\system32\wuapp.exe |

"{9ABB79CD-3553-4B20-80DC-327A54355261}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{9ECE03A1-2B88-4F48-A3D8-C379B3AE4E5A}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{B819EC73-06CC-4E94-9D6B-C8EF8DE9CAF8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BBC474BF-1E98-4F53-8E64-124D2FD5A107}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{C5938BB4-D87B-4A42-8C89-40A08D43F91E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{D3A2BCD6-D3FC-4443-B74F-4390D3023D28}" = protocol=6 | dir=in | app=c:\windows\system32\wuapp.exe |

"{E617CB45-6131-4F1C-BE5C-231B734E64ED}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{E94A6039-6B4C-4E0D-8D4E-E1B49AE97B8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F8566A96-1914-4089-BA1D-6CD68780F43A}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |

"{FF1051EF-F642-4543-8C16-1C824CE34685}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{285EE7FA-C99B-4518-B21D-77C5E1EBF370}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{33BDDF70-85F8-4C48-B036-1BBC791DACF9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{717B0687-6A20-4C3F-88EB-793B6E2496D0}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |

"TCP Query User{B2055259-2A88-4B02-9389-980E28384D2D}C:\program files (x86)\xi\netxfer\nettransport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xi\netxfer\nettransport.exe |

"TCP Query User{C0FD180E-4A47-4CB9-9BC1-38D85C04C3D5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{C9AC6A24-3F03-46B4-9507-750A3DFF67FC}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |

"TCP Query User{F14B1561-C2E4-4D33-8988-4D1C8F8D56E8}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"UDP Query User{0BD8C10C-9781-49BF-9949-0FA066E170DF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{1EFC71E3-4C5B-4352-8CEB-02393BEEE245}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{4C7B3C12-742B-4D6D-B2A8-A76787047844}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |

"UDP Query User{7B3F61B0-2AEA-4E7A-9796-B9AF840A9FCD}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |

"UDP Query User{A6F1A075-699D-4E92-8095-ACAC0CBD38C6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{AEFA9585-0F06-4C1A-B657-FBD359A9A39C}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

"UDP Query User{BBFFE112-C840-421E-B7AC-FB25ABD3117B}C:\program files (x86)\xi\netxfer\nettransport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xi\netxfer\nettransport.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus

"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel

Link to post
Share on other sites
Gammo

Gammo

Posted
Posted

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *winlogon*
    *explorer*
    *wininit*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites
sknois7

sknois7

Posted
  • Author
Posted

SystemLook 04.09.10 by jpshortstuff

Log created at 19:17 on 06/12/2010 by Ian

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*winlogon*"

C:\Windows\System32\winlogon.exe --a---- 314368 bytes [03:14 21/06/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

C:\Windows\System32\en-US\winlogon.exe.mui --a---- 28672 bytes [02:52 21/01/2008] [02:52 21/01/2008] 26AC28BF50DC112BAA794A83E08588F0

C:\Windows\System32\licensing\ppdlic\Winlogon-Licensing-ppdlic.xrm-ms --a---- 3018 bytes [02:50 21/01/2008] [02:50 21/01/2008] E043EADA7489A167B0205E08488DAD37

C:\Windows\System32\migwiz\dlmanifests\winlogon-DL.man --a---- 2998 bytes [15:02 02/11/2006] [15:02 02/11/2006] CF8FF0BBE15306D64E7D360A748074C6

C:\Windows\System32\wbem\winlogon.mof --a---- 2794 bytes [12:24 02/11/2006] [21:41 18/09/2006] 545C578F290B9CDD280966939935B9EA

C:\Windows\SysWOW64\winlogon.exe --a---- 314368 bytes [03:14 21/06/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

C:\Windows\SysWOW64\en-US\winlogon.exe.mui --a---- 28672 bytes [02:52 21/01/2008] [02:52 21/01/2008] 26AC28BF50DC112BAA794A83E08588F0

C:\Windows\SysWOW64\licensing\ppdlic\Winlogon-Licensing-ppdlic.xrm-ms --a---- 3018 bytes [02:50 21/01/2008] [02:50 21/01/2008] E043EADA7489A167B0205E08488DAD37

C:\Windows\SysWOW64\migwiz\dlmanifests\winlogon-DL.man --a---- 2998 bytes [15:02 02/11/2006] [15:02 02/11/2006] CF8FF0BBE15306D64E7D360A748074C6

C:\Windows\SysWOW64\wbem\winlogon.mof --a---- 2794 bytes [12:24 02/11/2006] [21:41 18/09/2006] 545C578F290B9CDD280966939935B9EA

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\winlogon-DL.man --a---- 2998 bytes [15:01 02/11/2006] [15:01 02/11/2006] CF8FF0BBE15306D64E7D360A748074C6

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\winlogon-DL.man --a---- 2998 bytes [15:01 02/11/2006] [15:01 02/11/2006] CF8FF0BBE15306D64E7D360A748074C6

C:\Windows\winsxs\amd64_microsoft-windows-winlogon-licensing_31bf3856ad364e35_6.0.6001.18000_none_8fcfeb3495d6db6e\Winlogon-Licensing-ppdlic.xrm-ms --a---- 3018 bytes [02:49 21/01/2008] [02:49 21/01/2008] ABE10B703FB4D47830A06CAE19730961

C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_da20a358315a3dca\winlogon.mof --a---- 2794 bytes [07:46 02/11/2006] [21:38 18/09/2006] 545C578F290B9CDD280966939935B9EA

C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_24e06b12bf88d29c\winlogon.exe.mui --a---- 19968 bytes [15:13 02/11/2006] [15:13 02/11/2006] 2D30AB05DBA78517B34C0AAC71DF5299

C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_27172d0ebc73e370\winlogon.exe.mui --a---- 19968 bytes [02:52 21/01/2008] [02:52 21/01/2008] 1DB95B0920FA9783476AC46F187C06F6

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe --a---- 406016 bytes [02:49 21/01/2008] [02:49 21/01/2008] 856491FCED98093D824B9EB2892F564A

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe --a---- 405504 bytes [03:14 21/06/2009] [07:11 11/04/2009] 6D0773A3A65D28B663F334C90441D01A

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_b1918ea5c810b684.manifest --a---- 10243 bytes [03:11 21/01/2008] [02:55 21/01/2008] 510E221AB66EA0064D9C85B1046E9E1F

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_b1918ea5c810b684_sysntfy.dll_6c0b60

ae --a---- 21504 bytes [03:11 21/01/2008] [02:55 21/01/2008] 009456399B31D69C67654F6C3618D9A8

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_ee5b535d486e37bb.manifest --a---- 6390 bytes [13:08 02/11/2006] [13:05 02/11/2006] FC983E69C05D997FA7B5BBBD11045097

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_ee5b535d486e37bb_mpnotify.exe_bd6992f

8 --a---- 17920 bytes [13:08 02/11/2006] [13:05 02/11/2006] 71A986FEAAA1ED1DE47E6F7CCBBFB588

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_ee5b535d486e37bb_wlrmdr.exe_f8ebac58 --a---- 35840 bytes [13:08 02/11/2006] [13:05 02/11/2006] 5207D2B0470A3562F45422AB621E8323

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_27172d0ebc73e370.manifest --a---- 2703 bytes [03:11 21/01/2008] [02:55 21/01/2008] 8801F20FE0D30CC4FF540DC53A5AF7EB

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_27172d0ebc73e370_winlogon.exe.mui_3280fc46 --a---- 19968 bytes [03:11 21/01/2008] [02:55 21/01/2008] 1DB95B0920FA9783476AC46F187C06F6

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877.manifest --a---- 21483 bytes [13:30 21/06/2009] [13:11 21/06/2009] 58FEBE9F54A8F66CB5AE004BC299695F

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877_winlogon.exe_ac37

d0c5 --a---- 405504 bytes [13:30 21/06/2009] [13:11 21/06/2009] 6D0773A3A65D28B663F334C90441D01A

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_5572f3220fb3454e.manifest --a---- 10231 bytes [03:10 21/01/2008] [02:55 21/01/2008] 484A800D1241C91C827DBCEBD5068705

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_5572f3220fb3454e_sysntfy.dll_6c0b60

ae --a---- 15360 bytes [03:10 21/01/2008] [02:55 21/01/2008] 71F5A7104FDF16C0AC5283A6CE666553

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685.manifest --a---- 6370 bytes [13:08 02/11/2006] [13:05 02/11/2006] 39EA6EDA2A25A6B81303D0AE92EB7AC5

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685_mpnotify.exe_bd6992f

8 --a---- 14336 bytes [13:08 02/11/2006] [13:05 02/11/2006] 46DD33E12D12A03CABF009FBB3F3D0E4

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685_wlrmdr.exe_f8ebac58 --a---- 34304 bytes [13:08 02/11/2006] [13:05 02/11/2006] A6BE08D85AB7FA9B45C10F180417CC35

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a.manifest --a---- 2701 bytes [03:12 21/01/2008] [02:55 21/01/2008] 64DF20E97C1379A308CE920BF0CA38CD

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a_winlogon.exe.mui_3280fc46 --a---- 28672 bytes [03:12 21/01/2008] [02:55 21/01/2008] 26AC28BF50DC112BAA794A83E08588F0

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741.manifest --a---- 21441 bytes [13:30 21/06/2009] [13:13 21/06/2009] 62AD4D43415EBD6C84B8F88B1EBE8DEC

C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741_winlogon.exe_ac37

d0c5 --a---- 314368 bytes [13:30 21/06/2009] [13:13 21/06/2009] 898E7C06A350D4A1A64A9EA264D55452

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-events_31bf3856ad364e35_6.0.6000.16386_none_67250626437d20c1.manifest --a---- 22182 bytes [12:31 02/11/2006] [12:16 02/11/2006] 23E575DDA343FF06648CA1DEF7AA602A

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-events_31bf3856ad364e35_6.0.6001.18000_none_695bc82240683195.manifest --a---- 22735 bytes [02:38 21/01/2008] [02:38 21/01/2008] 515AD85CD2C3D0965F1F4284849A01A1

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-licensing_31bf3856ad364e35_6.0.6000.16386_none_8d99293898ebca9a.manifest --a---- 2566 bytes [12:31 02/11/2006] [12:19 02/11/2006] 04C5804F7D863DB20B51C4B15F71DF0C

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-licensing_31bf3856ad364e35_6.0.6001.18000_none_8fcfeb3495d6db6e.manifest --a---- 2566 bytes [02:40 21/01/2008] [02:40 21/01/2008] 2D33C07D17458D562A0CEBC42392E05F

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_da20a358315a3dca.manifest --a---- 1580 bytes [12:31 02/11/2006] [12:20 02/11/2006] 074A325FF168136A36E3B0A9B97F5C3D

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6000.16386_none_af5acca9cb25a5b0.manifest --a---- 10188 bytes [12:30 02/11/2006] [12:21 02/11/2006] 84CF68CC1D5E974E7579EBBB59C9E4B3

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_b1918ea5c810b684.manifest --a---- 10243 bytes [02:41 21/01/2008] [02:41 21/01/2008] 510E221AB66EA0064D9C85B1046E9E1F

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_ee5b535d486e37bb.manifest --a---- 6390 bytes [12:31 02/11/2006] [12:21 02/11/2006] FC983E69C05D997FA7B5BBBD11045097

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_24e06b12bf88d29c.manifest --a---- 2703 bytes [15:11 02/11/2006] [15:11 02/11/2006] 2EDE5C289CFADB75D4DFE6891C7FF0B2

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_27172d0ebc73e370.manifest --a---- 2703 bytes [02:44 21/01/2008] [02:44 21/01/2008] 8801F20FE0D30CC4FF540DC53A5AF7EB

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57.manifest --a---- 21483 bytes [12:31 02/11/2006] [12:20 02/11/2006] 5633B5752B1221FEA4F7D95F452EEDE4

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b.manifest --a---- 21483 bytes [02:40 21/01/2008] [02:40 21/01/2008] 9DA15F1B9A472F27F7A609E8B4801470

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877.manifest ------- 21483 bytes [01:56 21/06/2009] [04:42 11/04/2009] 58FEBE9F54A8F66CB5AE004BC299695F

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-events_31bf3856ad364e35_6.0.6000.16386_none_0b066aa28b1faf8b.manifest --a---- 22180 bytes [12:31 02/11/2006] [10:04 02/11/2006] 51E8557488A021987F303B1B4DD7AFBB

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-events_31bf3856ad364e35_6.0.6001.18000_none_0d3d2c9e880ac05f.manifest --a---- 22733 bytes [02:40 21/01/2008] [02:40 21/01/2008] 0E3FAC2121D841CE29945EB381C6123B

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-licensing_31bf3856ad364e35_6.0.6000.16386_none_317a8db4e08e5964.manifest --a---- 2564 bytes [12:31 02/11/2006] [10:09 02/11/2006] AF1221BA87FA6470EC749CAE14E58BFB

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-licensing_31bf3856ad364e35_6.0.6001.18000_none_33b14fb0dd796a38.manifest --a---- 2564 bytes [02:42 21/01/2008] [02:42 21/01/2008] CD5224D9A4E5A3E5C7F8B8516299006B

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94.manifest --a---- 1576 bytes [12:31 02/11/2006] [10:12 02/11/2006] 3223860A2537E723CCEC9A097B053963

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6000.16386_none_533c312612c8347a.manifest --a---- 10176 bytes [12:31 02/11/2006] [10:13 02/11/2006] 50AB21FBE6748D4535B0B8B8FA489392

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_5572f3220fb3454e.manifest --a---- 10231 bytes [02:37 21/01/2008] [02:37 21/01/2008] 484A800D1241C91C827DBCEBD5068705

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685.manifest --a---- 6370 bytes [12:31 02/11/2006] [10:15 02/11/2006] 39EA6EDA2A25A6B81303D0AE92EB7AC5

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166.manifest --a---- 2701 bytes [15:11 02/11/2006] [15:11 02/11/2006] 6A6638DCFAEDE7DE97B4C676B957B933

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a.manifest --a---- 2701 bytes [02:44 21/01/2008] [02:44 21/01/2008] 64DF20E97C1379A308CE920BF0CA38CD

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21.manifest --a---- 21441 bytes [12:31 02/11/2006] [10:11 02/11/2006] 440D7BBA2C8940011E5C828564F7FFE6

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5.manifest --a---- 21441 bytes [02:41 21/01/2008] [02:41 21/01/2008] 897A9A0AA3DDF2EDD1B3CC301088BFF4

C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741.manifest ------- 21441 bytes [01:56 21/06/2009] [04:14 11/04/2009] 62AD4D43415EBD6C84B8F88B1EBE8DEC

C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\winlogon-DL.man --a---- 2998 bytes [15:02 02/11/2006] [15:02 02/11/2006] CF8FF0BBE15306D64E7D360A748074C6

C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\winlogon-DL.man --a---- 2998 bytes [15:02 02/11/2006] [15:02 02/11/2006] CF8FF0BBE15306D64E7D360A748074C6

C:\Windows\winsxs\x86_microsoft-windows-winlogon-licensing_31bf3856ad364e35_6.0.6001.18000_none_33b14fb0dd796a38\Winlogon-Licensing-ppdlic.xrm-ms --a---- 3018 bytes [02:50 21/01/2008] [02:50 21/01/2008] E043EADA7489A167B0205E08488DAD37

C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof --a---- 2794 bytes [12:24 02/11/2006] [21:41 18/09/2006] 545C578F290B9CDD280966939935B9EA

C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui --a---- 28672 bytes [15:13 02/11/2006] [15:13 02/11/2006] A1D2856F3EC3C86EBBF1442B0245A8B3

C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui --a---- 28672 bytes [02:52 21/01/2008] [02:52 21/01/2008] 26AC28BF50DC112BAA794A83E08588F0

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a---- 314880 bytes [02:50 21/01/2008] [02:50 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a---- 314368 bytes [03:14 21/06/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

Searching for "*explorer*"

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] (Unable to calculate MD5)

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 226 bytes [15:33 02/11/2006] [03:20 21/01/2008] 1549862E20C3C97A223A3536BAAA482F

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk --a---- 1537 bytes [15:25 02/11/2006] [03:20 21/01/2008] 13B637650BD7F61D44A77F08A743AFE6

C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk --a---- 951 bytes [00:12 23/03/2009] [12:09 05/06/2009] 7FF2D1BD84E11CEC56CFC14B97EC44C9

C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 981 bytes [00:12 23/03/2009] [12:09 05/06/2009] 9518CBC1385BD70564D90124C72375AC

C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk --a---- 1537 bytes [00:12 23/03/2009] [03:20 21/01/2008] 13B637650BD7F61D44A77F08A743AFE6

C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 1011 bytes [00:12 23/03/2009] [12:09 05/06/2009] E3E2A6E00B8BC553AFCA969CBBB76087

C:\Users\Ian\Favorites\Music\AM\Clips\HOHclips\explorer.wav --a---- 38580 bytes [22:09 30/05/2009] [00:10 22/06/2009] 69EA40A918CEC6C88E21A124067C3CC2

C:\Users\radioshack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a---- 975 bytes [19:13 27/02/2009] [19:14 27/02/2009] 6868BA29022A9399B4E85459B8F4F64F

C:\Users\radioshack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk --a---- 951 bytes [19:14 27/02/2009] [19:14 27/02/2009] ABE8119B268E18A2B44208FF23C9DE9A

C:\Users\radioshack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 981 bytes [19:14 27/02/2009] [19:14 27/02/2009] 5D52C8E0BC635E66AB6F2125BBBD3C32

C:\Users\radioshack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk --a---- 1537 bytes [19:12 27/02/2009] [03:20 21/01/2008] 13B637650BD7F61D44A77F08A743AFE6

C:\Users\radioshack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 1011 bytes [19:14 27/02/2009] [19:14 27/02/2009] 9BDA92D6A2D23E99E48A8F46D1E2D60B

C:\Windows\explorer.exe --a---- 3079168 bytes [03:17 21/06/2009] [07:10 11/04/2009] A9B42FC18B53B08BC31E124F4F3EA750

C:\Windows\en-US\explorer.exe.mui --a---- 27136 bytes [15:13 02/11/2006] [15:13 02/11/2006] 872D519975CA4D7CC596FC93470D49E0

C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf --a---- 193960 bytes [23:15 25/11/2010] [23:15 25/11/2010] F5B76D485E3DC573D6801B806A05B39E

C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --a---- 194090 bytes [01:04 22/11/2010] [00:51 03/12/2010] F8F9B58357919BCC676596DFD41BD50E

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package-MiniLP~31bf3856ad364e35~amd64~en-US~8.0.6001.18702.cat --a---- 7576 bytes [18:17 03/06/2009] [22:18 08/03/2009] 04A478FB689AA1864EB3F26AEAE791E9

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package-MiniLP~31bf3856ad364e35~amd64~en-US~8.0.6001.18702.mum --a---- 1646 bytes [18:17 03/06/2009] [22:16 08/03/2009] B0F8BE21EEF8ED0677468F01CB079B78

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package-TopLevel~31bf3856ad364e35~amd64~~8.0.6001.18702.cat --a---- 7576 bytes [18:17 03/06/2009] [22:18 08/03/2009] 68F6381527D2980F520152D72F1186F9

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package-TopLevel~31bf3856ad364e35~amd64~~8.0.6001.18702.mum --a---- 2029 bytes [18:17 03/06/2009] [22:16 08/03/2009] B08437AE9A2219FB2070D6E9A705A8B4

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~amd64~en-US~8.0.6001.18702.cat --a---- 7591 bytes [18:17 03/06/2009] [22:18 08/03/2009] 86776B6A3FE96B8FE71A416F41CAD4FF

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~amd64~en-US~8.0.6001.18702.mum --a---- 1383 bytes [18:17 03/06/2009] [22:16 08/03/2009] EB1036C931DF4684350B794BF8287656

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~amd64~~8.0.6001.18702.cat --a---- 7576 bytes [18:17 03/06/2009] [22:18 08/03/2009] 795D42C5137E443985C69273325086B4

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~amd64~~8.0.6001.18702.mum --a---- 1831 bytes [18:17 03/06/2009] [22:14 08/03/2009] FB4C5C141FB5DEB761D2380F8C5122EA

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~amd64~en-US~8.0.6001.18702.cat --a---- 58700 bytes [18:18 03/06/2009] [22:18 08/03/2009] 3990D7F76C5581C1C452C97E70F31E5F

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~amd64~en-US~8.0.6001.18702.mum --a---- 27379 bytes [18:18 03/06/2009] [22:16 08/03/2009] D81DB9AF88557A18E1D2FFBB1256FAB9

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~amd64~~8.0.6001.18702.cat --a---- 388236 bytes [18:17 03/06/2009] [22:18 08/03/2009] CD98582B258BE3775EED89C64AA2CCDD

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~amd64~~8.0.6001.18702.mum --a---- 39395 bytes [18:17 03/06/2009] [22:14 08/03/2009] 67DE64DC821A4CED94A035FF3ACA4D1C

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-SP1-Update~31bf3856ad364e35~amd64~~8.0.6001.18702.cat --a---- 9347 bytes [18:17 03/06/2009] [22:18 08/03/2009] 8C6201454F75B37013A8970112E71DBF

C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-8-SP1-Update~31bf3856ad364e35~amd64~~8.0.6001.18702.mum --a---- 2765 bytes [18:17 03/06/2009] [22:14 08/03/2009] D40D53C48F8AD10E6D83E260AC83927B

C:\Windows\System32\explorer.exe --a---- 2926592 bytes [03:16 21/06/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\System32\ExplorerFrame.dll --a---- 20992 bytes [03:11 21/06/2009] [06:28 11/04/2009] 61216539E55DDF2F78E421E7EF140650

C:\Windows\System32\networkexplorer.dll --a---- 2226688 bytes [03:12 21/06/2009] [06:28 11/04/2009] 04044BF8E6989BE45FA718C24407CA28

C:\Windows\System32\en-US\explorer.exe.mui --a---- 36864 bytes [15:13 02/11/2006] [15:13 02/11/2006] 192DD053B43250E264383CDC3D564A18

C:\Windows\System32\en-US\NetworkExplorer.dll.mui --a---- 16384 bytes [15:13 02/11/2006] [15:13 02/11/2006] 0D3C95B3633EC94078981AE8ED3DB95D

C:\Windows\System32\migwiz\dlmanifests\explorer-DL.man --a---- 3219 bytes [15:02 02/11/2006] [15:02 02/11/2006] B9F1FC934E51B456456620B44ECFB661

C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12754 bytes [02:47 21/01/2008] [02:47 21/01/2008] B9358283944BD34C6E7FCA3E2595683F

C:\Windows\SysWOW64\explorer.exe --a---- 2926592 bytes [03:16 21/06/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\SysWOW64\ExplorerFrame.dll --a---- 20992 bytes [03:11 21/06/2009] [06:28 11/04/2009] 61216539E55DDF2F78E421E7EF140650

C:\Windows\SysWOW64\networkexplorer.dll --a---- 2226688 bytes [03:12 21/06/2009] [06:28 11/04/2009] 04044BF8E6989BE45FA718C24407CA28

C:\Windows\SysWOW64\en-US\explorer.exe.mui --a---- 36864 bytes [15:13 02/11/2006] [15:13 02/11/2006] 192DD053B43250E264383CDC3D564A18

C:\Windows\SysWOW64\en-US\NetworkExplorer.dll.mui --a---- 16384 bytes [15:13 02/11/2006] [15:13 02/11/2006] 0D3C95B3633EC94078981AE8ED3DB95D

C:\Windows\SysWOW64\migwiz\dlmanifests\explorer-DL.man --a---- 3219 bytes [15:02 02/11/2006] [15:02 02/11/2006] B9F1FC934E51B456456620B44ECFB661

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12754 bytes [02:47 21/01/2008] [02:47 21/01/2008] B9358283944BD34C6E7FCA3E2595683F

C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5fda60a52f142b56\explorer.exe.mui --a---- 27136 bytes [15:13 02/11/2006] [15:13 02/11/2006] 872D519975CA4D7CC596FC93470D49E0

C:\Windows\winsxs\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6001.18000_none_1e9ba4e72c2e5810\ExplorerFrame.dll --a---- 39936 bytes [02:48 21/01/2008] [02:48 21/01/2008] 61C090AFC693640742904A4FA2409BBC

C:\Windows\winsxs\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6002.18005_none_20871df32950235c\ExplorerFrame.dll --a---- 39936 bytes [02:48 21/01/2008] [02:48 21/01/2008] 61C090AFC693640742904A4FA2409BBC

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer-ppdlic.xrm-ms --a---- 3005 bytes [16:15 23/03/2009] [05:51 29/10/2008] 105F6084A6049379C91457C49EB91F46

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe --a---- 3087360 bytes [16:15 23/03/2009] [06:15 29/10/2008] 50514057C28A74BAC2BD04B7B990D615

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer-ppdlic.xrm-ms --a---- 3005 bytes [16:15 23/03/2009] [04:20 28/10/2008] FCCFC3AEC3DBDE287F4838C5E9FE2DC2

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe --a---- 3086848 bytes [16:15 23/03/2009] [02:30 28/10/2008] 72B9990E45C25AA3C75C4FB50A9D6CE0

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer-ppdlic.xrm-ms --a---- 3034 bytes [02:48 21/01/2008] [02:48 21/01/2008] FD018EE403557D8A4FA7FD563B7CD08B

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe --a---- 3080704 bytes [02:48 21/01/2008] [02:48 21/01/2008] F6D765FB6B457542D954682F50C26E4F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer-ppdlic.xrm-ms --a---- 3034 bytes [16:15 23/03/2009] [06:16 29/10/2008] E1826E1EFFDD19248DA8FE8F5BB1221D

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe --a---- 3080704 bytes [16:15 23/03/2009] [06:49 29/10/2008] BBD8E74F23D7605CB0CDB57A1B25D826

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer-ppdlic.xrm-ms --a---- 3034 bytes [16:15 23/03/2009] [04:57 30/10/2008] FBC51F1E8E9BB6CC3D64AB073302D6CE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe --a---- 3081216 bytes [16:15 23/03/2009] [05:30 30/10/2008] E404A65EF890140410E9F3D405841C95

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer-ppdlic.xrm-ms --a---- 3034 bytes [02:48 21/01/2008] [02:48 21/01/2008] FD018EE403557D8A4FA7FD563B7CD08B

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe --a---- 3079168 bytes [03:17 21/06/2009] [07:10 11/04/2009] 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\explorer-DL.man --a---- 3219 bytes [15:02 02/11/2006] [15:02 02/11/2006] B9F1FC934E51B456456620B44ECFB661

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12754 bytes [02:47 21/01/2008] [02:47 21/01/2008] B9358283944BD34C6E7FCA3E2595683F

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\explorer-DL.man --a---- 3219 bytes [15:02 02/11/2006] [15:02 02/11/2006] B9F1FC934E51B456456620B44ECFB661

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12754 bytes [02:47 21/01/2008] [02:47 21/01/2008] B9358283944BD34C6E7FCA3E2595683F

C:\Windows\winsxs\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e1badc36e32e0002\NetworkExplorer.dll.mui --a---- 6656 bytes [15:13 02/11/2006] [15:13 02/11/2006] 4A27F0F82E4C3575AA28D05210BFBCEC

C:\Windows\winsxs\amd64_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6001.18000_none_9c70fc95fe3dcccf\networkexplorer.dll --a---- 2247168 bytes [02:51 21/01/2008] [02:51 21/01/2008] 0899EC56BBEB678A01675B56127EC34D

C:\Windows\winsxs\amd64_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6002.18005_none_9e5c75a1fb5f981b\networkexplorer.dll --a---- 2247168 bytes [03:11 21/06/2009] [07:11 11/04/2009] E572915DB4DAD7F062D99334D9F10BFF

C:\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms --a---- 4300 bytes [13:08 02/11/2006] [19:09 13/10/2010] B44D0BE06C2CE6F7F0AFA7EED475ECE3

C:\Windows\winsxs\FileMaps\program_files_internet_explorer_en-us_2650c83f8a48b821.cdf-ms --a---- 3184 bytes [15:15 02/11/2006] [18:20 03/06/2009] AC39F75266912DB6C2A8C29C10BA5ABB

C:\Windows\winsxs\FileMaps\program_files_x86_internet_explorer_cafab575245eacb0.cdf-ms --a---- 4552 bytes [13:08 02/11/2006] [19:09 13/10/2010] 836DDD1999D238BCA93305CE7E6825DB

C:\Windows\winsxs\FileMaps\program_files_x86_internet_explorer_en-us_1a6a9dd9f26fbb24.cdf-ms --a---- 3212 bytes [15:15 02/11/2006] [18:20 03/06/2009] 3D7C34C1E6554CEDDC5CCD775953A0DC

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-e..orkexplorersettings_31bf3856ad364e35_6.0.6000.16386_none_0b1cc26092553ff7.man

ifest --a---- 3456 bytes [14:59 02/11/2006] [14:59 02/11/2006] 9BE432337E5F470612F628D508A050FB

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5fda60a52f142b56.manifest --a---- 2484 bytes [15:11 02/11/2006] [15:11 02/11/2006] 5BE49123217EC477E2A5D31A54B4F838

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6000.16386_none_1c64e2eb2f43473c.manifest --a---- 16845 bytes [12:32 02/11/2006] [12:21 02/11/2006] 7F61697189FD65FDB4FA318F6C0FB7B1

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6001.18000_none_1e9ba4e72c2e5810.manifest --a---- 19066 bytes [02:38 21/01/2008] [02:38 21/01/2008] 28E23D62E5AC97ED3AE35EB4FD81CECB

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6002.18005_none_20871df32950235c.manifest ------- 19021 bytes [01:56 21/06/2009] [05:10 11/04/2009] B45AF490EA73834776D31EF293731431

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21.manifest --a---- 129174 bytes [12:32 02/11/2006] [12:17 02/11/2006] 583C2F017F07B97337FF66AE9621D246

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919.manifest ------- 129174 bytes [16:15 23/03/2009] [06:28 29/10/2008] DCA5A1349B60711BE5740DAEF49D2772

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41.manifest ------- 129174 bytes [16:15 23/03/2009] [04:56 28/10/2008] 92943794EB1722106774AB18E76E4D9D

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5.manifest --a---- 127288 bytes [02:38 21/01/2008] [02:38 21/01/2008] 2AB549CF0C08F1E2D3D5D58382D186C2

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e.manifest ------- 127288 bytes [16:15 23/03/2009] [07:16 29/10/2008] 778DD2456A2247D499A959D566D775EC

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317.manifest ------- 127288 bytes [16:15 23/03/2009] [05:57 30/10/2008] 082C187EDE3C1FEB884B94E5249B9599

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41.manifest ------- 127243 bytes [01:56 21/06/2009] [05:10 11/04/2009] E9E0B19BA28366B3A1F3CC0617BB9164

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_688d2e242a7d1f26.manifest --a---- 2388 bytes [15:11 02/11/2006] [15:11 02/11/2006] ED02D9BBDF99B6C90933B7ADC3E083F6

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_9be828967caf61dd.manifest --a---- 87515 bytes [14:59 02/11/2006] [14:59 02/11/2006] AC0720E26C02EF49AFA5FE67052209E8

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_9c039c9a7c9b86cc.manifest --a---- 87515 bytes [11:12 19/08/2008] [05:23 08/03/2008] 93E46AAD104F214C98148B31EEDB46D6

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_9beefef27caad52c.manifest ------- 87515 bytes [16:18 23/03/2009] [10:42 01/11/2008] EB318B185339D31688FBA7FCF47F3B63

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_9c34e3b87c75a687.manifest ------- 87515 bytes [16:48 06/09/2009] [05:48 29/08/2009] AA0A413FAA6904146C80EE9391D31A88

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_9c73cba795cb2bca.manifest --a---- 87515 bytes [11:12 19/08/2008] [04:59 08/03/2008] 9E434255457A6E0E499FDB369D016FD6

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_9ca00f6d95a9cfab.manifest ------- 87515 bytes [16:18 23/03/2009] [09:27 01/11/2008] 34CF62DBA8F276EA94BC55F980B5E04A

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_9cbe58a595937993.manifest ------- 87515 bytes [16:48 06/09/2009] [05:37 29/08/2009] 994CBEE434A8F58EB7EADA34FABC6350

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_9e1eea92799a72b1.manifest --a---- 87515 bytes [02:36 21/01/2008] [02:36 21/01/2008] 73455F3C9666E168D204A96B58A8F865

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_9e007b6279b0f932.manifest --a---- 87515 bytes [11:12 19/08/2008] [06:01 08/03/2008] BCB24EE17A4C6C69BDAB2C601058D1DE

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_9de30e6279c69631.manifest ------- 94539 bytes [16:18 23/03/2009] [02:35 04/11/2008] EB01EDCD11C50CAF9F8E2F2D2F650B00

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_9e09506c79aaa208.manifest ------- 94539 bytes [16:48 06/09/2009] [14:22 29/08/2009] 3A53FB32FA024656E9E057EE2EB9CEE5

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_9e8a182d92ce98fc.manifest --a---- 87515 bytes [11:12 19/08/2008] [06:02 08/03/2008] 9E759DF7A708A74F909CAC4F53E4A4E0

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_9e503c9192f8ef2a.manifest ------- 87515 bytes [16:18 23/03/2009] [05:26 31/10/2008] 778FD4A7A83E5C6191821D7650DEA721

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_9eb1918f92afeb26.manifest ------- 87515 bytes [16:48 06/09/2009] [14:39 28/08/2009] 4D3452FFC7AF4236410185476CFEEDAD

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18005_none_a00a639e76bc3dfd.manifest ------- 87470 bytes [01:56 21/06/2009] [05:09 11/04/2009] 1AD9A3EC03052F5B64E747C73FD1C228

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_a006645c76bfd5c8.manifest ------- 94539 bytes [16:48 06/09/2009] [14:22 29/08/2009] 24492037FA0599A89E7BF4C2B0C6FAED

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18179_none_9fc2b73876f16417.manifest ------- 87515 bytes [15:26 18/03/2010] [19:11 06/01/2010] 3D6DB5C79E364E8896A2EE99ED0EEAD0

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_a08731cf8fe3c431.manifest ------- 87515 bytes [16:48 06/09/2009] [04:02 29/08/2009] A97E4F50CBDF20E19D4B249B1BE8C880

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22303_none_a09203a18fdba567.manifest ------- 87515 bytes [15:26 18/03/2010] [19:11 06/01/2010] D41111394D3C895E02685B3C94642124

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_97744c9e1037c6c6.manifest --a---- 3476 bytes [15:11 02/11/2006] [15:11 02/11/2006] D53431EFF7ACAA143886A86466B2BF42

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_7c9630f422ee47f7.manifest ------- 3627 bytes [18:15 03/06/2009] [22:16 08/03/2009] 379E744137A94C1BDE37F555F5B82E67

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_8949d990d570e12b.manifest --a---- 119597 bytes [12:32 02/11/2006] [12:21 02/11/2006] AED6F6E9BF4447FF9E633E5A1A4F94CE

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_89721e14d5531cd7.manifest --a---- 119621 bytes [11:05 19/08/2008] [05:14 21/02/2008] 3321280CB338CBEBFD0E01D2FDF86423

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_8944ddd0d57559ed.manifest --a---- 119621 bytes [11:14 19/08/2008] [05:31 25/04/2008] DF100A01F7DCB8840F9AF6AB7419CF46

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_89a3634cd52d3f6b.manifest ------- 119621 bytes [16:20 23/03/2009] [05:04 15/01/2009] 386369EFD27CFBBE49C09B8F701FBECB

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_8979f0eed54daf2f.manifest ------- 119621 bytes [20:32 18/04/2009] [04:54 03/03/2009] BFA9B2B6480E7E10610DE422B9B7C27B

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_89df4c43ee8575d0.manifest --a---- 119621 bytes [11:05 19/08/2008] [08:51 22/02/2008] 0F7CDDBE46F92ABB97D71F396AD4B347

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_8a115c9dee6081e6.manifest --a---- 119621 bytes [11:14 19/08/2008] [05:06 25/04/2008] 2018AE36E50DDF2B6C2EDB2ED03C7EB4

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_89c8afedee968ea9.manifest ------- 119621 bytes [16:20 23/03/2009] [05:19 15/01/2009] 967DDC539E552AC9A5C2E2103D9985E9

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_8a1136a5ee60b24f.manifest ------- 119621 bytes [20:32 18/04/2009] [04:49 03/03/2009] 701193C9C3BEDFCC49CAEFE2172B088E

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_8b809b8cd25bf1ff.manifest --a---- 119691 bytes [02:41 21/01/2008] [02:41 21/01/2008] 41C27EE8A2812A0A1212E997F79C1A32

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_8b71013cd266bc39.manifest ------- 119769 bytes [20:32 18/04/2009] [05:25 03/03/2009] CB74D933E53EB142B0E2A68E8A702576

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_8bbcbf5debb24fae.manifest ------- 119769 bytes [20:32 18/04/2009] [05:27 03/03/2009] 97787515BFB40CBFBCA2FF508464D02E

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_8d6c1498cf7dbd4b.manifest ------- 119675 bytes [01:56 21/06/2009] [05:10 11/04/2009] 121B32EEE20C65D4118C22B331FDA757

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_6e6bbde6e827625c.manifest ------- 131926 bytes [18:15 03/06/2009] [22:15 08/03/2009] AB7D363A776E1E70727BEB8185686509

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_6e61f02ae82e94cb.manifest ------- 135191 bytes [01:15 26/08/2009] [22:36 21/07/2009] 945A2155BDB0224EF986B156616B69EE

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_6e5c21b0e8322f6f.manifest ------- 135191 bytes [16:00 14/10/2009] [06:28 27/08/2009] 05305E4F6FA6DDB94FE489B476ED00AA

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_6e2de122e855532e.manifest ------- 135191 bytes [15:23 17/12/2009] [07:15 21/11/2009] 6D21481ECFFEE11556C5DAE345C83AE2

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_6e15406ce8683f0b.manifest ------- 135191 bytes [20:38 27/01/2010] [07:51 02/01/2010] 42DE4AA5FB6516F0622E6BB8B746053A

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_6e6dc246e8258f58.manifest ------- 135191 bytes [19:30 06/04/2010] [07:42 23/02/2010] 44A8D3F5BAC15638C0D7E2EBCC06747A

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_6e5c2396e8322c96.manifest ------- 135191 bytes [03:20 09/08/2010] [07:30 04/05/2010] 3A08B4C6DA8C71C4E69E375567CA89DF

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_6e41824ce846e5c5.manifest ------- 135191 bytes [20:36 11/08/2010] [07:10 26/06/2010] 52DFEAA4C2A4C901419BAB7FDBB08C5F

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_6e23131ce85d6c46.manifest ------- 135191 bytes [23:51 12/10/2010] [07:30 08/09/2010] 095305713884678BD76326BF4823822A

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_6ef65ce2014418a4.manifest ------- 135191 bytes [01:15 26/08/2009] [06:59 22/07/2009] D108336E6D977BBAEA0EF1587D7F58E4

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_6ef08e680147b348.manifest ------- 135191 bytes [16:00 14/10/2009] [14:38 27/08/2009] 4BBDB306A5A70D7AC6497430E049CDF7

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_6ec34e240169f05e.manifest ------- 135191 bytes [15:23 17/12/2009] [15:24 21/11/2009] 4769E5CC39E15524371E5235874BAECA

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_6eaaad6e017cdc3b.manifest ------- 135191 bytes [20:38 27/01/2010] [15:42 02/01/2010] 031BDA0DC7FCD876F33BAF19EF20D2D6

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_6e970e2a018b46cb.manifest ------- 135191 bytes [19:30 06/04/2010] [17:52 23/02/2010] D0BC9593B76BFF4DE61C427B136C1E30

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_6ef166d40146ffe1.manifest ------- 135191 bytes [03:20 09/08/2010] [07:31 04/05/2010] 63393D26B34AB1BE93BF2A8151CA58F6

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_6ec7f47601676fa5.manifest ------- 135191 bytes [20:36 11/08/2010] [18:35 28/06/2010] F9818BCDCA4DD6A7CC4F9846DB3FF831

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_6eb956a4017158e8.manifest ------- 135191 bytes [23:51 12/10/2010] [07:59 08/09/2010] 73C8F7C87882C362D19AC1061F0AA9E9

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-interface-explorer_31bf3856ad364e35_6.0.6000.16386_none_ef71f1b147070407.manifest --a---- 1222 bytes [12:33 02/11/2006] [12:16 02/11/2006] 2B65D71F66B5A77616FC5FB5354873A3

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e1badc36e32e0002.manifest --a---- 4291 bytes [15:11 02/11/2006] [15:11 02/11/2006] 22E5DC6C8BC83ED4128A1F9F40ACCAE7

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6000.16386_none_9a3a3a9a0152bbfb.manifest --a---- 28149 bytes [12:30 02/11/2006] [12:23 02/11/2006] F4553F31CA8F94D22DB1B88E77670BBA

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6001.18000_none_9c70fc95fe3dcccf.manifest --a---- 27804 bytes [02:42 21/01/2008] [02:42 21/01/2008] 9CE93CB37CA44E97BFCBAC748AF0B34D

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6002.18005_none_9e5c75a1fb5f981b.manifest ------- 27804 bytes [01:57 21/06/2009] [04:46 11/04/2009] DADEE0DBFFCC8ABD4606584CF6B9EC96

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shell-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_de38c5280d4a9eff.manifest --a---- 1377 bytes [12:32 02/11/2006] [12:16 02/11/2006] ACF481FD2FE4BD9BEA8E9B193BF0F853

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6a2f0af76374ed51.manifest --a---- 2741 bytes [15:11 02/11/2006] [15:11 02/11/2006] 9AD02D0AF3C213E8FACFF6D35AA4BA19

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c.manifest --a---- 126347 bytes [12:32 02/11/2006] [09:58 02/11/2006] 461B6DB41AB2EB8F17380E578718099E

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14.manifest ------- 126347 bytes [16:15 23/03/2009] [06:31 29/10/2008] 46DA8F05C19B7C862648FBF235198ED7

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c.manifest ------- 126347 bytes [16:15 23/03/2009] [04:33 28/10/2008] 5A511F75A7F86B3C98450AAC3CB0B6D8

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0.manifest --a---- 124461 bytes [02:39 21/01/2008] [02:39 21/01/2008] F5D8906619112E5F63000662E9293EFB

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19.manifest ------- 124461 bytes [16:15 23/03/2009] [06:54 29/10/2008] 126F37C33058F0E8E3D3B5B6D33C7B95

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512.manifest ------- 124461 bytes [16:15 23/03/2009] [04:10 30/10/2008] 48710C3A7E9BFB721CFAAAC8416E5217

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c.manifest ------- 124461 bytes [01:55 21/06/2009] [03:41 11/04/2009] 2EDECEC9EA78C76378B54CEB2F4FD1A8

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_a63cd2e8b11023d8.manifest --a---- 79765 bytes [14:59 02/11/2006] [14:59 02/11/2006] E520D6E4D3487C021AA2D7D8DBCDBEE5

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_a65846ecb0fc48c7.manifest --a---- 79765 bytes [11:12 19/08/2008] [04:57 08/03/2008] 5D87468DDAADC8E1FD43D4ADBA3DD0E8

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_a643a944b10b9727.manifest ------- 79765 bytes [16:18 23/03/2009] [08:29 01/11/2008] 93A38846EB1823D3B7314761DDB03EDE

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_a6898e0ab0d66882.manifest ------- 79765 bytes [16:48 06/09/2009] [05:09 29/08/2009] A946B33721AF61EC39346A3732D2D2FB

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_a6c875f9ca2bedc5.manifest --a---- 79765 bytes [11:12 19/08/2008] [04:39 08/03/2008] 6643FBB46861A981B423DA166B8FEE16

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_a6f4b9bfca0a91a6.manifest ------- 79765 bytes [16:18 23/03/2009] [08:29 01/11/2008] 3611AD7768E2B4CECC66628679CD1D6E

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_a71302f7c9f43b8e.manifest ------- 79765 bytes [16:48 06/09/2009] [05:03 29/08/2009] 4B0EBC1E64DB251A43A3271CB25A778F

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_a87394e4adfb34ac.manifest --a---- 79765 bytes [02:36 21/01/2008] [02:36 21/01/2008] 19AB5E0F4416E3BF2CE8F308CD3C8D5B

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_a85525b4ae11bb2d.manifest --a---- 79765 bytes [11:12 19/08/2008] [05:12 08/03/2008] AF3FD9FF12D149263A1908A4801DA48E

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_a837b8b4ae27582c.manifest ------- 86420 bytes [16:18 23/03/2009] [02:35 04/11/2008] A82D690FDAC3E11363226D8208975931

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_a85dfabeae0b6403.manifest ------- 86420 bytes [16:48 06/09/2009] [14:22 29/08/2009] 502A30C4E11B9D8EFCC5A9602D28A792

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_a8dec27fc72f5af7.manifest --a---- 79765 bytes [11:12 19/08/2008] [04:31 08/03/2008] 87626AE03A986D0C3180B67EE3ED1326

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_a8a4e6e3c759b125.manifest ------- 79765 bytes [16:18 23/03/2009] [03:45 31/10/2008] 3129D36942E2E0723D88B4A0597478F3

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_a9063be1c710ad21.manifest ------- 79765 bytes [16:48 06/09/2009] [14:03 28/08/2009] 964062E8772FB991023AEAD2BDB038DA

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18005_none_aa5f0df0ab1cfff8.manifest ------- 79720 bytes [01:55 21/06/2009] [04:37 11/04/2009] 39257A7790EB8CE9671AD7EDAF5800BA

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_aa5b0eaeab2097c3.manifest ------- 86420 bytes [16:48 06/09/2009] [14:22 29/08/2009] C4FF57633FB7ECC0871FDEFCEFE64A7E

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18179_none_aa17618aab522612.manifest ------- 79765 bytes [15:26 18/03/2010] [18:51 06/01/2010] 6B056400A242378F76DCDF83F3F70687

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_aadbdc21c444862c.manifest ------- 79765 bytes [16:48 06/09/2009] [04:02 29/08/2009] 40601262C578FA0E28299B6C27C0F4B4

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22303_none_aae6adf3c43c6762.manifest ------- 79765 bytes [15:26 18/03/2010] [19:04 06/01/2010] 805421061D6105EA5E11D8045EB09DBC

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a1c8f6f0449888c1.manifest --a---- 3476 bytes [15:11 02/11/2006] [15:11 02/11/2006] 8AF4C137E7E24ECECE7C2EF586BA1C4A

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_86eadb46574f09f2.manifest ------- 3627 bytes [18:14 03/06/2009] [21:28 08/03/2009] 411D51D56DDE98C3EE3AA173600ABB48

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_939e83e309d1a326.manifest --a---- 114603 bytes [12:31 02/11/2006] [09:59 02/11/2006] B3726360F5B4A15D3F9F1B59D9BCB3F4

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_93c6c86709b3ded2.manifest --a---- 114607 bytes [11:05 19/08/2008] [05:01 21/02/2008] 9C42FB021D9545FC481CDEE8C1DCD147

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_9399882309d61be8.manifest --a---- 114607 bytes [11:14 19/08/2008] [05:12 25/04/2008] FE7C40B5A403363DE0954AB271186C72

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_93f80d9f098e0166.manifest ------- 114607 bytes [16:20 23/03/2009] [04:23 15/01/2009] 089A0252D23A6295F46859165D335E99

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_93ce9b4109ae712a.manifest ------- 114607 bytes [20:32 18/04/2009] [04:30 03/03/2009] 436367200B46967696CF6602C21DF2F9

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_9433f69622e637cb.manifest --a---- 114607 bytes [11:05 19/08/2008] [05:07 22/02/2008] C31A58B44F399A6623F01A81515FCFFD

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_946606f022c143e1.manifest --a---- 114607 bytes [11:14 19/08/2008] [04:39 25/04/2008] DCD87A6B38DAC4173904C513D5433843

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_941d5a4022f750a4.manifest ------- 114607 bytes [16:20 23/03/2009] [04:27 15/01/2009] A9C258D52637231F93034E4ADD1C368B

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_9465e0f822c1744a.manifest ------- 114607 bytes [20:32 18/04/2009] [04:28 03/03/2009] 98AD87E36D1694D2D70E5A25B3ABEB34

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_95d545df06bcb3fa.manifest --a---- 114677 bytes [02:37 21/01/2008] [02:37 21/01/2008] 48085EB348D7805FE3A4C53A4532410E

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_95c5ab8f06c77e34.manifest ------- 114755 bytes [20:32 18/04/2009] [04:51 03/03/2009] BACA9ACF72E303B77BA064EE934B5909

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_961169b0201311a9.manifest ------- 114755 bytes [20:32 18/04/2009] [04:45 03/03/2009] 48DD829C1BC52B830B19D6354790C884

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_97c0beeb03de7f46.manifest ------- 113933 bytes [01:55 21/06/2009] [04:37 11/04/2009] 5D6AF94845031D625D88F77785895120

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_78c068391c882457.manifest ------- 128135 bytes [18:14 03/06/2009] [21:26 08/03/2009] 0F9BD6B7B7FC29F5B57BB1291075F026

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_78b69a7d1c8f56c6.manifest ------- 129088 bytes [01:15 26/08/2009] [22:04 21/07/2009] 66FB29EEDF05F3D6965A57A64E7CDCD3

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_78b0cc031c92f16a.manifest ------- 129088 bytes [16:00 14/10/2009] [05:35 27/08/2009] 5291F9F2C00D78931926D4C8A54F5B75

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_78828b751cb61529.manifest ------- 129088 bytes [15:23 17/12/2009] [07:04 21/11/2009] F9E28EF25BB91200294B2DE6E9A87017

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_7869eabf1cc90106.manifest ------- 129088 bytes [20:38 27/01/2010] [07:00 02/01/2010] A1341FFE98F6416C4A8233C230628153

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_78c26c991c865153.manifest ------- 129088 bytes [19:30 06/04/2010] [06:52 23/02/2010] A2BBBCD9CBB06D40F2F9D434FA4CACBC

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_78b0cde91c92ee91.manifest ------- 129088 bytes [03:20 09/08/2010] [06:16 04/05/2010] 33BA0B02790F121565B1F9DB18DEDA3C

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_78962c9f1ca7a7c0.manifest ------- 129088 bytes [20:36 11/08/2010] [06:16 26/06/2010] 0F9BCAA9A3D3C6448B0E9BC8E8C9A22D

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_7877bd6f1cbe2e41.manifest ------- 129088 bytes [23:51 12/10/2010] [06:15 08/09/2010] 2950127FEC24EEF6E125EF237AABE58B

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_794b073435a4da9f.manifest ------- 129088 bytes [01:15 26/08/2009] [06:15 22/07/2009] F723068A377C69E0FB72222AA5A207E0

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_794538ba35a87543.manifest ------- 129088 bytes [16:00 14/10/2009] [13:43 27/08/2009] F0FF04920EA22E5D888F06472BAE9DA5

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_7917f87635cab259.manifest ------- 129088 bytes [15:23 17/12/2009] [15:27 21/11/2009] E9929BC609164A85839780C687265E9D

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_78ff57c035dd9e36.manifest ------- 129088 bytes [20:38 27/01/2010] [15:18 02/01/2010] 166494457718245DF9B60F5C3D5C65D0

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_78ebb87c35ec08c6.manifest ------- 129088 bytes [19:30 06/04/2010] [15:18 23/02/2010] 096FFB51A561C3134F74A9E314D67EE4

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_7946112635a7c1dc.manifest ------- 129088 bytes [03:20 09/08/2010] [06:49 04/05/2010] F63E01A41F670564FC06D515EA57E60D

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_791c9ec835c831a0.manifest ------- 129088 bytes [20:36 11/08/2010] [07:02 26/06/2010] 8BE144BEA981CEEC1D6DE82D37C758D4

C:\Windows\winsxs\Manifests\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_790e00f635d21ae3.manifest ------- 129088 bytes [23:51 12/10/2010] [06:37 08/09/2010] 99EF1CD6E42D6716D087816DB3A40F45

C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6000.16386_none_c046476776e5d606.manifest --a---- 16819 bytes [12:32 02/11/2006] [10:13 02/11/2006] D58B98ED8464C4CFEE3F0E92C558577B

C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6001.18000_none_c27d096373d0e6da.manifest --a---- 19040 bytes [02:39 21/01/2008] [02:39 21/01/2008] E4B7326DAA1514962E06EA0FC62EEAB0

C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6002.18005_none_c468826f70f2b226.manifest ------- 19040 bytes [01:56 21/06/2009] [04:17 11/04/2009] 3946550820CEB75FCB2FC6B83CD4109C

C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c6e92a0721fadf0.manifest --a---- 2386 bytes [15:11 02/11/2006] [15:11 02/11/2006] 6D8CAE2413F938613C1701EC156A0010

C:\Windows\winsxs\Manifests\x86_microsoft-windows-interface-explorer_31bf3856ad364e35_6.0.6000.16386_none_9353562d8ea992d1.manifest --a---- 1218 bytes [12:33 02/11/2006] [10:03 02/11/2006] 2FBFA70F1918231946306AAF59DE4845

C:\Windows\winsxs\Manifests\x86_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_859c40b32ad08ecc.manifest --a---- 4289 bytes [15:11 02/11/2006] [15:11 02/11/2006] D99F781B6A15AB1630329C4517BBD88F

C:\Windows\winsxs\Manifests\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6000.16386_none_3e1b9f1648f54ac5.manifest --a---- 28103 bytes [12:31 02/11/2006] [10:18 02/11/2006] A56500CD09C8FC545B7457117557E30E

C:\Windows\winsxs\Manifests\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6001.18000_none_4052611245e05b99.manifest --a---- 27760 bytes [02:38 21/01/2008] [02:38 21/01/2008] B1A39B316EBCA62B62898DE0DD9E6939

C:\Windows\winsxs\Manifests\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6002.18005_none_423dda1e430226e5.manifest ------- 27760 bytes [01:56 21/06/2009] [04:19 11/04/2009] 0BEBAB451421B2016C40A4E954CD0549

C:\Windows\winsxs\Manifests\x86_microsoft-windows-shell-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_821a29a454ed2dc9.manifest --a---- 1373 bytes [12:32 02/11/2006] [10:03 02/11/2006] E3A4E86501962B42C994BED1D27000F2

C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6a2f0af76374ed51\explorer.exe.mui --a---- 36864 bytes [15:13 02/11/2006] [15:13 02/11/2006] 192DD053B43250E264383CDC3D564A18

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe --a---- 2923520 bytes [16:15 23/03/2009] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe --a---- 2923520 bytes [16:15 23/03/2009] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe --a---- 2927104 bytes [02:49 21/01/2008] [02:49 21/01/2008] FFA764631CB70A30065C12EF8E174F9F

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe --a---- 2927104 bytes [16:15 23/03/2009] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe --a---- 2927616 bytes [16:15 23/03/2009] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe --a---- 2926592 bytes [03:16 21/06/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6001.18000_none_c27d096373d0e6da\ExplorerFrame.dll --a---- 20992 bytes [02:49 21/01/2008] [02:49 21/01/2008] B43DC259D9D66075D0E1BCB8A235CBBD

C:\Windows\winsxs\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6002.18005_none_c468826f70f2b226\ExplorerFrame.dll --a---- 20992 bytes [03:11 21/06/2009] [06:28 11/04/2009] 61216539E55DDF2F78E421E7EF140650

C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\explorer-DL.man --a---- 3219 bytes [15:02 02/11/2006] [15:02 02/11/2006] B9F1FC934E51B456456620B44ECFB661

C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12754 bytes [02:47 21/01/2008] [02:47 21/01/2008] B9358283944BD34C6E7FCA3E2595683F

C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\explorer-DL.man --a---- 3219 bytes [15:02 02/11/2006] [15:02 02/11/2006] B9F1FC934E51B456456620B44ECFB661

C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12754 bytes [02:47 21/01/2008] [02:47 21/01/2008] B9358283944BD34C6E7FCA3E2595683F

C:\Windows\winsxs\x86_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_859c40b32ad08ecc\NetworkExplorer.dll.mui --a---- 16384 bytes [15:13 02/11/2006] [15:13 02/11/2006] 0D3C95B3633EC94078981AE8ED3DB95D

C:\Windows\winsxs\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6001.18000_none_4052611245e05b99\networkexplorer.dll --a---- 2226688 bytes [02:49 21/01/2008] [02:49 21/01/2008] E3C52CD56F4CB2D9736C75EFAA62A07F

C:\Windows\winsxs\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6002.18005_none_423dda1e430226e5\networkexplorer.dll --a---- 2226688 bytes [03:12 21/06/2009] [06:28 11/04/2009] 04044BF8E6989BE45FA718C24407CA28

Searching for "*wininit*"

C:\Windows\wininit.ini --a---- 276 bytes [02:40 26/03/2009] [15:34 14/03/2010] 7F01E1A530CE003F8FFC49DBD9C3C137

C:\Windows\System32\wininit.exe --a---- 96768 bytes [02:48 21/01/2008] [02:48 21/01/2008] EC7CB72753E7C62D1AA206780A859C51

C:\Windows\System32\en-US\wininit.exe.mui --a---- 5120 bytes [15:13 02/11/2006] [15:13 02/11/2006] 8B319B0E4689F18F8AEE2107B8D06461

C:\Windows\System32\wbem\wininit.mof --a---- 1333 bytes [12:24 02/11/2006] [21:41 18/09/2006] 9B876BF451B9A67511A8893F0B24CD96

C:\Windows\SysWOW64\wininit.exe --a---- 96768 bytes [02:48 21/01/2008] [02:48 21/01/2008] EC7CB72753E7C62D1AA206780A859C51

C:\Windows\SysWOW64\en-US\wininit.exe.mui --a---- 5120 bytes [15:13 02/11/2006] [15:13 02/11/2006] 8B319B0E4689F18F8AEE2107B8D06461

C:\Windows\SysWOW64\wbem\wininit.mof --a---- 1333 bytes [12:24 02/11/2006] [21:41 18/09/2006] 9B876BF451B9A67511A8893F0B24CD96

C:\Windows\winsxs\amd64_microsoft-windows-wininit-mof_31bf3856ad364e35_6.0.6000.16386_none_34c8b60104fbe5f7\wininit.mof --a---- 1333 bytes [09:27 02/11/2006] [21:38 18/09/2006] 9B876BF451B9A67511A8893F0B24CD96

C:\Windows\winsxs\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9f4d6a4dc5f9a609\wininit.exe.mui --a---- 4608 bytes [15:13 02/11/2006] [15:13 02/11/2006] 770AB4A53D18553F39D83D18024EDF07

C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe --a---- 123904 bytes [02:50 21/01/2008] [02:50 21/01/2008] 117EA87DF785CA1B9D821F6F213DCE07

C:\Windows\winsxs\Backup\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9f4d6a4dc5f9a609.manifest --a---- 2756 bytes [15:15 02/11/2006] [15:14 02/11/2006] 3982FCAD8A22E71FBE1F437C7DC6A777

C:\Windows\winsxs\Backup\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9f4d6a4dc5f9a609_wininit.exe.mui_997435f5 --a---- 4608 bytes [15:15 02/11/2006] [15:14 02/11/2006] 770AB4A53D18553F39D83D18024EDF07

C:\Windows\winsxs\Backup\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8.manifest --a---- 10762 bytes [03:10 21/01/2008] [02:55 21/01/2008] BC565B0380F401E1E07AC96452DF9AAE

C:\Windows\winsxs\Backup\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8_wininit.exe_7a527f

28 --a---- 123904 bytes [03:10 21/01/2008] [02:55 21/01/2008] 117EA87DF785CA1B9D821F6F213DCE07

C:\Windows\winsxs\Backup\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8_wmsgapi.dll_2b5c23

30 --a---- 14336 bytes [03:10 21/01/2008] [02:55 21/01/2008] 0C2E0A8562FE4B33D00E175A97E05793

C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_432ececa0d9c34d3.manifest --a---- 2754 bytes [15:15 02/11/2006] [15:14 02/11/2006] E0805962347FF8573D6759A0756C3029

C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_432ececa0d9c34d3_wininit.exe.mui_997435f5 --a---- 5120 bytes [15:15 02/11/2006] [15:14 02/11/2006] 8B319B0E4689F18F8AEE2107B8D06461

C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2.manifest --a---- 10732 bytes [03:11 21/01/2008] [02:55 21/01/2008] E3331251C1A644527767AD79F1F2F423

C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2_wininit.exe_7a527f

28 --a---- 96768 bytes [03:11 21/01/2008] [02:55 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2_wmsgapi.dll_2b5c23

30 --a---- 10752 bytes [03:11 21/01/2008] [02:55 21/01/2008] F0321DA5203F1E71917F3B7A13DC4912

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wininit-events_31bf3856ad364e35_6.0.6000.16386_none_d79fc6a637c96598.manifest --a---- 7558 bytes [12:31 02/11/2006] [12:16 02/11/2006] 33E8B7F0EA13942269781C14E5651D86

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wininit-mof_31bf3856ad364e35_6.0.6000.16386_none_34c8b60104fbe5f7.manifest --a---- 1576 bytes [12:31 02/11/2006] [12:18 02/11/2006] B17515C97A9407FB873A6163FCC70F25

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9f4d6a4dc5f9a609.manifest --a---- 2756 bytes [15:11 02/11/2006] [15:11 02/11/2006] 3982FCAD8A22E71FBE1F437C7DC6A777

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704.manifest --a---- 10807 bytes [12:31 02/11/2006] [12:17 02/11/2006] CE31F8A3AD0D550783C81F1809DE524D

C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8.manifest --a---- 10762 bytes [02:41 21/01/2008] [02:41 21/01/2008] BC565B0380F401E1E07AC96452DF9AAE

C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-events_31bf3856ad364e35_6.0.6000.16386_none_7b812b227f6bf462.manifest --a---- 7556 bytes [12:31 02/11/2006] [10:04 02/11/2006] 5594B85AA1488EC6EAA001DF3EA11DE7

C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-mof_31bf3856ad364e35_6.0.6000.16386_none_d8aa1a7d4c9e74c1.manifest --a---- 1572 bytes [12:31 02/11/2006] [10:07 02/11/2006] 0593E16973B71FD0CBB49F864083B600

C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_432ececa0d9c34d3.manifest --a---- 2754 bytes [15:11 02/11/2006] [15:11 02/11/2006] E0805962347FF8573D6759A0756C3029

C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce.manifest --a---- 10777 bytes [12:31 02/11/2006] [10:06 02/11/2006] 3F2C9E0937A6F1495A85E956B07357BC

C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2.manifest --a---- 10732 bytes [02:37 21/01/2008] [02:37 21/01/2008] E3331251C1A644527767AD79F1F2F423

C:\Windows\winsxs\x86_microsoft-windows-wininit-mof_31bf3856ad364e35_6.0.6000.16386_none_d8aa1a7d4c9e74c1\wininit.mof --a---- 1333 bytes [12:24 02/11/2006] [21:41 18/09/2006] 9B876BF451B9A67511A8893F0B24CD96

C:\Windows\winsxs\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_432ececa0d9c34d3\wininit.exe.mui --a---- 5120 bytes [15:13 02/11/2006] [15:13 02/11/2006] 8B319B0E4689F18F8AEE2107B8D06461

C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [02:48 21/01/2008] [02:48 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

-= EOF =-

Link to post
Share on other sites
Gammo

Gammo

Posted
Posted

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites
Gammo

Gammo

Posted
Posted

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe | c:\windows\explorer.exe

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites
Gammo

Gammo

Posted
Posted

Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    2. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    3. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    4. Check esetAcceptTerms.png
    5. Click the esetStart.png button.
    6. Accept any security warnings from your browser.
    7. Check esetScanArchives.png
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push esetListThreats.png
    11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the esetBack.png button.
    13. Push esetFinish.png

Link to post
Share on other sites
sknois7

sknois7

Posted
  • Author
Posted

Hi, I've run TFC, restarted, and ran the newest version of MalwareBytes with the most recent update, the log for which is below. I'm not seeing duplicate tray icons anymore, things aren't running unusually slow like they were, and I'm not getting any more errors for explorer.exe. Does this mean my machine is clean? If so, would it be ok to go ahead and hook it up to my home network? I've had it disconnected and been shuttling the programs you asked me to run through external drives onto the laptop. But for the ESET scan I need it to be hooked up to the internet again. If the infection is gone, any idea how this could have happened? I really don't go to any weird, untrusted sites, always use updated Firefox with Adblock, have Windows Firewall on, run regular Avast and MalwareBytes scans, etc. I did have UAC turned off in Vista which I will turn back on. I've never been infected this bad so really not sure how this happened.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5348

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

12/18/2010 12:43:32 PM

mbam-log-2010-12-18 (12-43-32).txt

Scan type: Quick scan

Objects scanned: 167496

Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites
sknois7

sknois7

Posted
  • Author
Posted

I've run the ESET scan, it came identifies two infections. Though I'm not sure they're false positives. I didn't check "remove threats" before I did the scan since you didn't indicate I should. I did check "scan archives".

C:\Qoobox\Quarantine\C\Users\Ian\AppData\Local\{83BF9EF9-36F6-49C5-B7D5-A3C8F22C40BE}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan

Link to post
Share on other sites
Gammo

Gammo

Posted
Posted

Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c
    C:\Users\Public\Documents\Server

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After that, your logs are clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :rolleyes:

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    CF_Uninstall-1.jpg
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :lol:

Link to post
Share on other sites
  • 1 month later...
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.