[code] OTS logfile created on: 5/17/2010 11:55:00 AM - Run 1 OTS by OldTimer - Version 3.1.31.0 Folder = D:\ Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.89 Gb Total Space | 5.00 Gb Free Space | 8.95% Space Free | Partition Type: NTFS Drive D: | 125.10 Mb Total Space | 115.33 Mb Free Space | 92.19% Space Free | Partition Type: FAT E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KATES-LAPTOP Current User Name: kate Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> D:\OTS.exe -> [2010/05/17 11:41:26 | 000,640,000 | ---- | M] (OldTimer Tools) explorer.exe -> C:\Windows\explorer.exe -> [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) [Modules - Safe List] ots.exe -> D:\OTS.exe -> [2010/05/17 11:41:26 | 000,640,000 | ---- | M] (OldTimer Tools) msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (QBCFMonitorService) QBCFMonitorService [Auto | Stopped] -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -> [2010/03/18 02:52:56 | 000,045,056 | ---- | M] (Intuit) (QBFCService) Intuit QuickBooks FCS [On_Demand | Stopped] -> C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) (GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2009/04/15 13:50:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) (getPlus(R) Helper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -> [2008/06/26 10:24:08 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) (nicconfigsvc) Dell Internal Network Card Power Management [Auto | Stopped] -> C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -> [2007/07/20 18:11:12 | 000,390,424 | ---- | M] (Dell Inc.) [Driver Services - Safe List] (BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2009/01/20 15:36:44 | 001,207,288 | ---- | M] (Broadcom Corporation) (BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2009/01/20 15:36:44 | 001,207,288 | ---- | M] (Broadcom Corporation) (BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\bcm42rly.sys -> [2009/01/20 15:36:12 | 000,018,424 | ---- | M] (Broadcom Corporation) (USBCCID) USB Smart Card reader [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\usbccid.sys -> [2008/01/18 22:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) (b57nd60x) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\b57nd60x.sys -> [2008/01/18 21:25:04 | 000,179,712 | ---- | M] (Broadcom Corporation) (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\stwrt.sys -> [2006/11/22 14:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/22 07:54:41 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/22 07:54:41 | 000,016,488 | ---- | M] (CMD Technology, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/22 07:54:41 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) (igfx) igfx [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/11/06 10:29:14 | 001,473,024 | ---- | M] (Intel Corporation) (ialm) ialm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/11/06 10:29:14 | 001,473,024 | ---- | M] (Intel Corporation) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSX_DPV.sys -> [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSXHWAZL.sys -> [2006/10/18 10:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) (winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) (XAudio) XAudio [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\XAudio.sys -> [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\] > -> -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\: Main\\"StartPageCache" -> 1 -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\: "ProxyEnable" -> 1 -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\: "ProxyOverride" -> -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\: "ProxyServer" -> http=127.0.0.1:5555 -> < FireFox Settings [Prefs.js] > -> C:\Users\Kate.FLYPIXELS\AppData\Roaming\Mozilla\FireFox\Profiles\k3nmjnim.default\prefs.js -> browser.startup.homepage -> "http://www.google.com/" -> extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Program Files\Real\RealPlayer\browserrecord [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2008/11/19 19:37:40 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2009/06/26 15:45:33 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/15 10:55:04 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/09 06:54:59 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Kate.FLYPIXELS\AppData\Roaming\mozilla\Extensions -> [2009/04/22 09:24:45 | 000,000,000 | ---D | M] -> C:\Users\Kate.FLYPIXELS\AppData\Roaming\mozilla\Firefox\Profiles\k3nmjnim.default\extensions -> [2009/07/23 11:03:11 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Users\Kate.FLYPIXELS\AppData\Roaming\mozilla\Firefox\Profiles\k3nmjnim.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/06/25 12:58:57 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2009/10/28 21:32:52 | 000,000,000 | ---D | M] < HOSTS File > ([2006/09/18 14:41:30 | 000,000,736 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts -> Reset Hosts ::1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2008/04/23 17:45:36 | 001,377,576 | ---- | M] (Skype Technologies S.A.) {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/11/19 19:37:39 | 000,304,736 | ---- | M] (RealPlayer) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/10/16 18:26:40 | 000,505,136 | ---- | M] (Hewlett-Packard Co.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found "BrMfcWnd" -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN] -> [2008/02/19 09:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.) "ControlCenter3" -> C:\Program Files\Brother\ControlCenter3\brctrcen.exe [C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun] -> [2007/12/21 18:57:24 | 000,086,016 | ---- | M] (Brother Industries, Ltd.) "Intuit SyncManager" -> C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup] -> [2010/01/26 22:04:04 | 001,337,608 | ---- | M] (Intuit Inc. All rights reserved.) "PDVDDXSrv" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) "SigmatelSysTrayApp" -> C:\Windows\sttray.exe [sttray.exe] -> [2006/11/22 14:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) "TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2008/11/19 19:37:08 | 000,185,872 | ---- | M] (RealNetworks, Inc.) "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/19 00:36:02 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/19 00:36:02 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\] > -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "sfjdpjts" -> C:\Users\Kate.FLYPIXELS\AppData\Local\abwcogwqo\mkvjqxctssd.exe [C:\Users\Kate.FLYPIXELS\AppData\Local\abwcogwqo\mkvjqxctssd.exe] -> [2010/05/16 12:23:07 | 000,349,440 | ---- | M] () < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoWelcomeScreen" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134] > -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134] > -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\] > -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 018,333,536 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/04/23 17:45:36 | 001,377,576 | ---- | M] (Skype Technologies S.A.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 000,040,424 | ---- | M] (Microsoft Corporation) {DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: HP Smart Select] -> [2008/10/16 18:26:40 | 000,505,136 | ---- | M] (Hewlett-Packard Co.) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\] > -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\] > -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2029585302-1984738456-1462650449-1134\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} [HKLM] -> http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab [HPDDClientExec Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> {AA299E98-6FB5-409F-99D3-D30D749F4864} [HKLM] -> http://k2.binaryscience.com/inc/kaxRemote.dll [kasRmtHlp Class] -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab [get_atlcom Class] -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> [Reg Error: Value error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.0.2 -> Domain -> flypixels.net -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6D6B676F-5C82-4BE5-BA0E-7AD3CBB45437}\\DhcpNameServer -> 192.168.0.2 (Broadcom NetXtreme 57xx Gigabit Controller) -> {BA2942F5-20A9-437C-A289-B3FB0CD2EA7C}\\DhcpNameServer -> 192.168.0.2 (Dell Wireless 1490 Dual Band WLAN Mini-Card) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> GoToAssist -> C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -> File not found igfxcui -> C:\Windows\System32\igfxdev.dll -> [2006/11/06 09:00:48 | 000,212,992 | ---- | M] (Intel Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{41433632-24ac-11de-a5ee-c92d1eca30a2} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41433632-24ac-11de-a5ee-c92d1eca30a2}\shell \{41433632-24ac-11de-a5ee-c92d1eca30a2}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41433632-24ac-11de-a5ee-c92d1eca30a2}\shell\AutoRun\command \{41433632-24ac-11de-a5ee-c92d1eca30a2}\shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found \{95d41f90-a5f9-11de-a5b7-b2bf78dca966} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d41f90-a5f9-11de-a5b7-b2bf78dca966}\shell\AutoRun\command \{95d41f90-a5f9-11de-a5b7-b2bf78dca966}\shell\AutoRun\command\\"" -> [RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe] -> File not found \{95d41f90-a5f9-11de-a5b7-b2bf78dca966} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d41f90-a5f9-11de-a5b7-b2bf78dca966}\shell\open\command \{95d41f90-a5f9-11de-a5b7-b2bf78dca966}\shell\open\command\\"" -> [RESTORE\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 02:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 02:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation) htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2006/10/26 20:12:34 | 000,067,896 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2006/10/26 20:12:34 | 000,067,896 | ---- | M] (Microsoft Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/19 00:33:12 | 000,011,776 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/19 00:32:56 | 000,368,640 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/19 00:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 3/8/2010 3:01:50 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 3/8/2010 3:01:51 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 3/8/2010 3:19:56 PM Computer Name = Kates-laptop.flypixels.net | Source = QuickBooks | ID = 4 -> Description = An unexpected error has occured in "QuickBooks Pro 2010": An attempt to LogOff without a logo Application [ Error ] 3/8/2010 3:41:42 PM Computer Name = Kates-laptop.flypixels.net | Source = QuickBooks | ID = 4 -> Description = An unexpected error has occured in "QuickBooks Pro 2010": Trying to process a record 145 : Checking - Bank of the Cascades for List Review edlist without actually being in a write transacti Application [ Error ] 3/9/2010 12:46:40 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 3/9/2010 12:46:40 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 3/9/2010 3:06:41 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 3/9/2010 3:06:42 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 3/9/2010 6:05:47 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Application [ Error ] 3/9/2010 6:05:47 PM Computer Name = Kates-laptop.flypixels.net | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Program Files\Intuit\QuickBooks 2010\TIUpload.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. OSession [ Error ] 1/21/2010 8:56:36 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17540 seconds with 7860 seconds of active time. This session ended with a crash. OSession [ Error ] 1/27/2010 10:13:39 AM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 115918 seconds with 10680 seconds of active time. This session ended with a crash. OSession [ Error ] 1/29/2010 2:26:24 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 99614 seconds with 9960 seconds of active time. This session ended with a crash. OSession [ Error ] 2/12/2010 10:48:35 AM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1458 seconds with 840 seconds of active time. This session ended with a crash. OSession [ Error ] 2/15/2010 6:51:40 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24388 seconds with 5460 seconds of active time. This session ended with a crash. OSession [ Error ] 2/19/2010 2:26:43 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 186598 seconds with 16620 seconds of active time. This session ended with a crash. OSession [ Error ] 3/17/2010 5:40:02 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 246147 seconds with 27360 seconds of active time. This session ended with a crash. OSession [ Error ] 4/15/2010 1:46:20 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4664 seconds with 840 seconds of active time. This session ended with a crash. OSession [ Error ] 4/22/2010 8:02:29 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 121915 seconds with 16200 seconds of active time. This session ended with a crash. OSession [ Error ] 5/13/2010 9:05:23 AM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 84628 seconds with 11040 seconds of active time. This session ended with a crash. System [ Error ] 5/17/2010 1:32:09 PM Computer Name = Kates-laptop.flypixels.net | Source = DCOM | ID = 10010 -> Description = System [ Error ] 5/17/2010 2:39:45 PM Computer Name = Kates-laptop.flypixels.net | Source = Service Control Manager | ID = 7034 -> Description = System [ Error ] 5/17/2010 2:41:39 PM Computer Name = Kates-laptop.flypixels.net | Source = NETLOGON | ID = 5719 -> Description = This computer was not able to set up a secure session with a domain controller in domain FLYPIXELS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. System [ Error ] 5/17/2010 2:41:58 PM Computer Name = Kates-laptop.flypixels.net | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 -> Description = System [ Error ] 5/17/2010 2:42:09 PM Computer Name = Kates-laptop.flypixels.net | Source = DCOM | ID = 10005 -> Description = System [ Error ] 5/17/2010 2:42:23 PM Computer Name = Kates-laptop.flypixels.net | Source = DCOM | ID = 10005 -> Description = System [ Error ] 5/17/2010 2:42:55 PM Computer Name = Kates-laptop.flypixels.net | Source = DCOM | ID = 10005 -> Description = System [ Error ] 5/17/2010 2:42:56 PM Computer Name = Kates-laptop.flypixels.net | Source = Service Control Manager | ID = 7001 -> Description = System [ Error ] 5/17/2010 2:42:56 PM Computer Name = Kates-laptop.flypixels.net | Source = Service Control Manager | ID = 7026 -> Description = System [ Error ] 5/17/2010 2:44:21 PM Computer Name = Kates-laptop.flypixels.net | Source = DCOM | ID = 10005 -> Description = [Files/Folders - Created Within 30 Days] Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2010/05/17 11:33:20 | 000,000,000 | ---D | C] abwcogwqo -> C:\Users\Kate.FLYPIXELS\AppData\Local\abwcogwqo -> [2010/05/16 12:24:05 | 000,000,000 | ---D | C] KATV -> C:\Users\Kate.FLYPIXELS\Desktop\KATV -> [2010/05/11 15:49:24 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] NTUSER.DAT -> C:\Users\Kate.FLYPIXELS\NTUSER.DAT -> [2010/05/17 11:53:49 | 004,456,448 | -HS- | M] () d3d9caps.dat -> C:\Users\Kate.FLYPIXELS\AppData\Local\d3d9caps.dat -> [2010/05/17 11:46:55 | 000,001,356 | ---- | M] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/05/17 11:46:48 | 000,707,452 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/05/17 11:46:48 | 000,605,930 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/05/17 11:46:48 | 000,105,300 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Kate.FLYPIXELS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/05/17 11:43:39 | 000,046,080 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/17 11:41:27 | 000,067,584 | --S- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/17 11:40:01 | 000,003,648 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/17 11:40:00 | 000,003,648 | -H-- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/17 11:39:54 | 000,000,006 | -H-- | M] () NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Kate.FLYPIXELS\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/17 11:39:39 | 000,524,288 | -HS- | M] () NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf -> C:\Users\Kate.FLYPIXELS\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf -> [2010/05/17 11:39:39 | 000,065,536 | -HS- | M] () IconCache.db -> C:\Users\Kate.FLYPIXELS\AppData\Local\IconCache.db -> [2010/05/17 11:39:26 | 002,098,616 | -H-- | M] () the wait 4-1-10.pdf -> C:\Users\Kate.FLYPIXELS\Desktop\the wait 4-1-10.pdf -> [2010/05/13 05:58:38 | 002,399,677 | ---- | M] () QBChanUtil_Trigger.ini -> C:\Windows\QBChanUtil_Trigger.ini -> [2010/05/07 10:09:32 | 000,000,090 | ---- | M] () MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) Google Chrome.lnk -> C:\Users\Kate.FLYPIXELS\Desktop\Google Chrome.lnk -> [2010/04/29 17:06:03 | 000,002,087 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/04/29 06:32:53 | 000,387,744 | ---- | M] () Copy of 2010_openhouse_RV.xls -> C:\Users\Kate.FLYPIXELS\Documents\Copy of 2010_openhouse_RV.xls -> [2010/04/19 12:20:42 | 000,032,256 | ---- | M] () [Files - No Company Name] the wait 4-1-10.pdf -> C:\Users\Kate.FLYPIXELS\Desktop\the wait 4-1-10.pdf -> [2010/05/13 05:58:37 | 002,399,677 | ---- | C] () QBChanUtil_Trigger.ini -> C:\Windows\QBChanUtil_Trigger.ini -> [2009/10/12 11:54:14 | 000,000,090 | ---- | C] () Brpfx04a.ini -> C:\Windows\Brpfx04a.ini -> [2009/02/23 15:31:39 | 000,000,245 | ---- | C] () brpcfx.ini -> C:\Windows\brpcfx.ini -> [2009/02/23 15:31:39 | 000,000,094 | ---- | C] () BRWMARK.INI -> C:\Windows\BRWMARK.INI -> [2009/02/23 15:30:33 | 000,000,419 | ---- | C] () BRPP2KA.INI -> C:\Windows\BRPP2KA.INI -> [2009/02/23 15:30:33 | 000,000,027 | ---- | C] () Brfaxrx.ini -> C:\Windows\Brfaxrx.ini -> [2009/02/23 15:27:08 | 000,000,066 | ---- | C] () BrMuSNMP.dll -> C:\Windows\System32\BrMuSNMP.dll -> [2009/02/23 15:26:53 | 000,106,496 | ---- | C] () cpwmon2k.dll -> C:\Windows\System32\cpwmon2k.dll -> [2009/02/20 15:53:10 | 000,087,552 | ---- | C] () Primomonnt.dll -> C:\Windows\System32\Primomonnt.dll -> [2009/02/20 15:42:20 | 000,176,235 | ---- | C] () bcmwlrmt.dll -> C:\Windows\System32\bcmwlrmt.dll -> [2008/07/11 15:37:09 | 000,055,808 | ---- | C] () igfxCoIn_v1114.dll -> C:\Windows\System32\igfxCoIn_v1114.dll -> [2008/07/11 14:20:29 | 000,204,800 | ---- | C] () oemdspif.dll -> C:\Windows\System32\oemdspif.dll -> [2008/07/11 14:20:29 | 000,053,248 | ---- | C] () hccutils.dll -> C:\Windows\System32\hccutils.dll -> [2008/07/11 14:20:28 | 000,077,824 | ---- | C] () primopdf.ini -> C:\Windows\primopdf.ini -> [2008/04/28 10:13:33 | 000,000,302 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 05:37:40 | 000,030,808 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 05:37:40 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 05:37:40 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 05:37:40 | 000,026,040 | ---- | C] () igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2006/11/02 03:25:21 | 000,061,440 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () [File - Lop Check] app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1 -> C:\Users\Kate.FLYPIXELS\AppData\Roaming\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1 -> [2009/07/17 07:00:17 | 000,000,000 | ---D | M] webex -> C:\Users\Kate.FLYPIXELS\AppData\Roaming\webex -> [2009/08/04 17:03:54 | 000,000,000 | ---D | M] SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/05/17 11:40:01 | 000,032,606 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys -> [2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys -> [2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=313FF294978EA6AF715722D708FB249F -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys -> [2008/07/11 14:06:52 | 000,053,864 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys -> [2008/07/11 14:06:52 | 000,053,864 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys -> [2008/07/11 14:06:52 | 000,053,864 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\drivers\AGP440.sys -> [2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys -> [2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\drivers\atapi.sys -> [2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys -> [2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=5653737BAD8C6C10136451C195C19881 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys -> [2006/11/22 07:54:42 | 000,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=A779CA2C76DA4FCB595E692C05E8E4EB -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys -> [2006/11/22 07:54:41 | 000,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=A779CA2C76DA4FCB595E692C05E8E4EB -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys -> [2006/11/22 07:54:41 | 000,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys -> [2008/07/11 17:23:37 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys -> [2008/07/11 17:23:37 | 000,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=E03E8C99D15D0381E02743C36AFC7C6F -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys -> [2008/07/11 17:23:36 | 000,021,560 | ---- | M] (Microsoft Corporation) < %systemdrive%\CNGAUDIT.DLL /md5 /s > cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) < %systemdrive%\IASTORV.SYS /md5 /s > iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys -> [2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys -> [2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\drivers\iaStorV.sys -> [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys -> [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll -> [2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll -> [2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\System32\netlogon.dll -> [2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) < %systemdrive%\NVSTOR.SYS /md5 /s > nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\drivers\nvstor.sys -> [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys -> [2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\System32\scecli.dll -> [2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll -> [2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll -> [2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > CREATERESTOREPOINT Error creating restore point. < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > COMPONENTS.SAV -> C:\Windows\System32\config\COMPONENTS.SAV -> [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () DEFAULT.SAV -> C:\Windows\System32\config\DEFAULT.SAV -> [2006/11/02 03:34:05 | 000,020,480 | ---- | M] () SECURITY.SAV -> C:\Windows\System32\config\SECURITY.SAV -> [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () SOFTWARE.SAV -> C:\Windows\System32\config\SOFTWARE.SAV -> [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () SYSTEM.SAV -> C:\Windows\System32\config\SYSTEM.SAV -> [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () < End of report > [/code]