Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple Problems including infected registry and Google Redirect Prob


  • Please log in to reply

#1
vistaacc

vistaacc

    New Member

  • Member
  • Pip
  • 2 posts
Multiple Problems including infected registry and Google Redirect Problems – weekly scans with GTG recommended software has not resolved issue.

About a month ago I started running weekly scans with the recommended GTG tools for Malware removal including cleaning temp files with TFC and creating registry backups and system restore points. I also run SuperAntiSpyware each week in addition to the tools you guys recommend. (Prior to that I was doing it about once a month.) Despite this I am having multiple problems with my PC. It runs slowly and my QuickBooks won’t run due to some registry issue (according to QB support). QB support advised me that my registry is infected with a virus and they can not support my QB until I get this issue resolved first.

Additionally I have a Google Redirect problem which I tried to resolve with the removal guide at GTG a few weeks ago. I ran Goored Fix which seem to run okay, but my system would not run TDSSKILLER (I think because I’m running Vista). For the first few days it seemed the issue was resolved, but now I’m having trouble with it again.

The Malwarebyte’s log that I’m including is out of date because although I was able to install the software it will not update. The first time it would not update I uninstalled the program and re-installed it again with the same problem. The error it gives me is:
“An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)”
Malwarebyte’s definitions was last updated 4/29/10, database version 4052, fingerprints 227746.

I also run SuperAntiSpyware each week (and the definitions for this program are up to date). Let me know if I should include the log from this program as well.

When I installed and ran GMER the only options that were available for selection were Services, Registry, Files, C:\, and ADS. All other options were grayed out and not available for selection. When it finished running it gave me a message that, “GMER hasn’t found any system modification.” I tried to save a log anyway as ark.txt, but the file was completely empty so I did not include that log here.

I am currently using Webroot Anti Virus with Spy Sweeper. I’m not sure if this program is any good, someone recommended it to me and I’m using a paid version. Let me know if there is a better program you would suggest for anti virus please.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/5/2010 8:38:32 AM
mbam-log-2010-08-05 (08-38-32).txt

Scan type: Quick scan
Objects scanned: 149773
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\BackupLib.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\boost_regex-vc80-mt-p-1_33.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\boost_serialization-vc80-mt-p-1_33.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QBMAPILibrary.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\tlstubv5.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\xmlparse_tok.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.


OTL logfile created on: 8/5/2010 9:51:36 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.86 Gb Total Space | 726.35 Gb Free Space | 79.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/05 09:50:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2010/04/23 10:23:42 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/01/25 10:19:10 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/11/06 16:20:10 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/13 07:44:52 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/16 19:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/05 12:51:22 | 000,123,904 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
PRC - [2008/12/24 14:29:30 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/07/12 14:49:54 | 001,953,792 | ---- | M] (Online Backup) -- C:\Program Files (x86)\CBeyond\SecureBackup\Online-Backup.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe
PRC - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\QBDBMgrN.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 09:50:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/01/08 04:07:00 | 000,382,464 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\ykx64mpcoinst.dll -- (yksvc)
SRV:64bit: - [2008/12/10 17:04:56 | 000,935,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/06/02 16:06:52 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/04/23 10:23:42 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/27 12:22:02 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 10:19:10 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\QBDBMgrN.exe -- (QuickBooksDB18)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/06/02 16:07:10 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/27 12:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/01/27 12:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/11/06 13:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/06 13:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/03/20 21:05:56 | 000,676,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\y_cx88x.sys -- (cxpl_mhd) CX23885/8 PCI-E AvStream Video Capture (PalomarMHD)
DRV:64bit: - [2009/01/08 04:07:00 | 000,405,504 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/12/25 04:30:52 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/12/10 18:31:24 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/02 23:08:28 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/05/09 02:30:28 | 000,444,960 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2008/04/28 08:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/05 01:22:34 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/01/27 12:22:02 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...d=0509&m=dx4300
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...d=0509&m=dx4300
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...d=0509&m=dx4300
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...d=0509&m=dx4300

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...d=0509&m=dx4300
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...d=0509&m=dx4300
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/07/26 09:32:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/04/22 09:01:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2010/04/22 09:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2010/06/05 16:06:56 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [OEM Upgrade DVD] C:\OEM\Upgrade Kit\DVDMainStart.Launcher.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.108 213.109.77.153 1.1.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O30:64bit: - LSA: Authentication Packages - (ows\S) - File not found
O30 - LSA: Authentication Packages - (ows\S) - File not found
O30:64bit: - LSA: Security Packages - (T2㐀 㠵ᘨ 協歰⹧汤l< 뻯㠵ᘨ㠵ᘨ&) - File not found
O30:64bit: - LSA: Security Packages - (䟢) - File not found
O30 - LSA: Security Packages - (T2㐀 㠵ᘨ 協歰⹧汤l< 뻯㠵ᘨ㠵ᘨ&) - File not found
O30 - LSA: Security Packages - (䟢) - File not found
O30 - LSA: Security Packages - (ᘨ㠵ᘨ&) - Fi) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cccfa24c-4772-11de-8ed7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cccfa24c-4772-11de-8ed7-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/05 09:50:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/08/02 12:17:56 | 002,312,648 | ---- | C] (Apache Software Foundation) -- C:\Program Files (x86)\xerces-c_2_8.dll
[2010/08/02 12:17:54 | 001,974,272 | ---- | C] (Apache Software Foundation) -- C:\Program Files (x86)\xerces-c_2_4_0MT.dll
[2010/07/30 12:05:07 | 000,000,000 | ---D | C] -- C:\QB Extracted Installer Files
[2010/07/30 11:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Data
[2010/07/30 11:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2010/07/30 11:24:57 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2010/07/23 15:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/07/23 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Intuit
[2010/07/23 15:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HelpResources
[2010/07/23 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert03
[2010/07/23 15:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Components
[2010/07/23 15:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2010/07/23 14:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2010/07/23 12:49:20 | 000,000,000 | ---D | C] -- C:\QB Backups
[2010/07/09 18:00:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/09 18:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/09 18:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/09 18:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/09 16:47:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2010/07/09 16:47:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/09 16:47:23 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/09 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/09 16:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/28 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\LogMeIn
[2010/06/28 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/06/28 12:06:05 | 000,033,152 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/06/28 12:06:04 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/06/28 12:06:04 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2010/06/28 12:06:01 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/06/28 12:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2010/06/28 12:01:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apps
[2010/06/28 12:01:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Deployment
[2010/06/28 11:16:46 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\IT SUPPORT - DO NOT DELETE
[2010/06/28 11:16:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/07 07:55:53 | 000,000,000 | ---D | C] -- C:\Windows\acerTemp
[2010/05/28 08:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/19 15:46:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Microsoft Games

========== Files - Modified Within 90 Days ==========

[2010/08/05 10:22:21 | 002,359,296 | -HS- | M] () -- C:\Users\owner\ntuser.dat
[2010/08/05 10:20:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/05 10:20:59 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{72EDB5BD-F36F-4944-9B56-03D8DD94DB63}.job
[2010/08/05 09:50:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/08/05 09:25:04 | 000,002,547 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CBeyond Secure Backup & Fileshare.lnk
[2010/08/05 09:25:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/05 09:21:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/05 09:21:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/05 09:21:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/05 09:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/05 09:16:05 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{ed3be5c7-9be7-11df-96fc-002268667b60}.TMContainer00000000000000000001.regtrans-ms
[2010/08/05 09:16:05 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{ed3be5c7-9be7-11df-96fc-002268667b60}.TM.blf
[2010/08/05 09:16:04 | 003,871,714 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2010/08/05 08:19:19 | 115,859,456 | R--- | M] () -- C:\VISTA AIR SERVICES.QBW
[2010/08/05 08:19:19 | 000,196,608 | R--- | M] () -- C:\VISTA AIR SERVICES.QBW.TLG
[2010/08/05 08:19:19 | 000,000,367 | ---- | M] () -- C:\VISTA AIR SERVICES.QBW.nd
[2010/08/05 08:04:35 | 000,000,057 | ---- | M] () -- C:\Program Files (x86)\asasrv.ini
[2010/08/02 16:08:04 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/02 16:08:04 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/02 16:08:04 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/02 16:00:01 | 000,001,716 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_LEAA001EE8FBC41BCA6C01E0167781008.job
[2010/08/02 12:17:34 | 000,145,790 | ---- | M] () -- C:\Program Files (x86)\qpstbl2.usa
[2010/08/02 12:17:34 | 000,079,254 | ---- | M] () -- C:\Program Files (x86)\ttchange.htm
[2010/08/02 12:17:34 | 000,008,378 | ---- | M] () -- C:\Program Files (x86)\shareupdate.htm
[2010/08/02 12:17:33 | 000,122,880 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\pr2frm32.usa
[2010/08/02 12:17:33 | 000,080,854 | ---- | M] () -- C:\Program Files (x86)\payrollforms.htm
[2010/08/02 12:17:33 | 000,025,533 | ---- | M] () -- C:\Program Files (x86)\epay.htm
[2010/08/02 12:17:33 | 000,015,252 | ---- | M] () -- C:\Program Files (x86)\payrollupdate.htm
[2010/08/02 12:17:33 | 000,004,523 | ---- | M] () -- C:\Program Files (x86)\header_tf_all.gif
[2010/08/02 12:17:33 | 000,004,500 | ---- | M] () -- C:\Program Files (x86)\header_ef_all.gif
[2010/08/02 12:17:33 | 000,004,488 | ---- | M] () -- C:\Program Files (x86)\header_payroll_all.gif
[2010/08/02 12:17:33 | 000,004,464 | ---- | M] () -- C:\Program Files (x86)\header_tt_all.gif
[2010/08/02 12:17:33 | 000,004,412 | ---- | M] () -- C:\Program Files (x86)\header_share_update_all.gif
[2010/08/02 12:17:33 | 000,003,770 | ---- | M] () -- C:\Program Files (x86)\header_update_news.gif
[2010/08/02 12:17:33 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\header_tt_changes.gif
[2010/08/02 12:17:33 | 000,003,684 | ---- | M] () -- C:\Program Files (x86)\header_share_update.gif
[2010/08/02 12:17:33 | 000,001,156 | ---- | M] () -- C:\Program Files (x86)\copyright.gif
[2010/08/02 12:17:33 | 000,000,091 | ---- | M] () -- C:\Program Files (x86)\bolt.gif
[2010/07/30 13:21:32 | 000,000,117 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/07/30 09:57:17 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{ed3be5c7-9be7-11df-96fc-002268667b60}.TMContainer00000000000000000002.regtrans-ms
[2010/07/30 09:50:00 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{403f1b18-1717-11df-85a1-002268667b60}.TMContainer00000000000000000001.regtrans-ms
[2010/07/30 09:50:00 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{403f1b18-1717-11df-85a1-002268667b60}.TM.blf
[2010/07/23 18:28:13 | 294,957,056 | R--- | M] () -- C:\Vista(OLD).QBW
[2010/07/23 18:28:13 | 000,720,896 | R--- | M] () -- C:\Vista(OLD).QBW.TLG
[2010/07/23 18:28:13 | 000,000,359 | ---- | M] () -- C:\Vista(OLD).QBW.nd
[2010/07/23 17:14:22 | 004,785,416 | ---- | M] () -- C:\Program Files (x86)\PrintEng.dll
[2010/07/23 17:14:22 | 002,312,648 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\xerces-c_2_8.dll
[2010/07/23 17:14:22 | 000,055,144 | ---- | M] () -- C:\Program Files (x86)\QBFormHelp.chm
[2010/07/23 16:59:40 | 000,055,726 | ---- | M] () -- C:\Program Files (x86)\fsdyf.chm
[2010/07/23 16:19:01 | 001,468,604 | ---- | M] () -- C:\Program Files (x86)\NozHelp.chm
[2010/07/23 16:19:01 | 000,015,476 | ---- | M] () -- C:\Program Files (x86)\UPSDynHelp.chm
[2010/07/23 16:05:43 | 000,000,352 | ---- | M] () -- C:\Program Files (x86)\ud.dat
[2010/07/23 16:05:43 | 000,000,059 | ---- | M] () -- C:\Program Files (x86)\util_db.ini
[2010/07/23 16:05:30 | 000,010,589 | ---- | M] () -- C:\Program Files (x86)\reboot.bat
[2010/07/23 16:02:46 | 000,009,432 | ---- | M] () -- C:\Program Files (x86)\qbm3t2.dat
[2010/07/23 15:49:12 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Premier - Contractor Edition 2008.lnk
[2010/07/23 15:46:11 | 000,000,195 | ---- | M] () -- C:\Users\Public\Desktop\Process Credit Cards in QuickBooks.url
[2010/07/23 15:46:11 | 000,000,191 | ---- | M] () -- C:\Users\Public\Desktop\Support for QuickBooks.url
[2010/07/23 15:46:11 | 000,000,171 | ---- | M] () -- C:\Users\Public\Desktop\Checks & More for QuickBooks.url
[2010/07/23 15:46:11 | 000,000,156 | ---- | M] () -- C:\Users\Public\Desktop\Payroll for QuickBooks.url
[2010/07/23 15:24:21 | 000,000,970 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/23 14:57:02 | 000,000,894 | ---- | M] () -- C:\Users\owner\Desktop\Eusing Free Registry Cleaner.lnk
[2010/07/23 11:56:08 | 000,320,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/23 11:56:08 | 000,075,904 | ---- | M] () -- C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/23 11:53:50 | 000,002,335 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2010/07/23 10:31:49 | 000,019,456 | ---- | M] () -- C:\Users\owner\Documents\Vehicle Acknowledgement.doc
[2010/07/21 12:49:42 | 000,019,968 | ---- | M] () -- C:\Users\owner\Documents\INTENT TO LEIN.doc
[2010/07/21 12:24:31 | 000,001,122 | ---- | M] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2010/07/19 08:00:05 | 000,001,716 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L1D65FADE97CE4F3FAF7EF07B7F757C7C.job
[2010/07/18 13:48:10 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/07/14 16:09:33 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\CBeyond Secure Backup & Fileshare.lnk
[2010/07/02 09:22:45 | 000,019,456 | ---- | M] () -- C:\Users\owner\Documents\Notice to Employees 4th of July.doc
[2010/06/28 12:05:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/06/22 10:49:37 | 000,019,968 | ---- | M] () -- C:\Users\owner\Documents\COVER SHEET.doc
[2010/06/08 10:35:51 | 000,040,960 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/05 16:06:56 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010/06/04 12:25:27 | 000,022,016 | ---- | M] () -- C:\Users\owner\Documents\Partial Lein Release.doc
[2010/06/02 16:07:10 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/06/02 16:07:00 | 000,033,152 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/06/02 16:06:58 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/05/28 12:28:40 | 000,166,490 | ---- | M] () -- C:\Users\owner\Documents\ralph reciept license.xps
[2010/05/26 08:27:52 | 000,023,552 | ---- | M] () -- C:\Users\owner\Documents\FINAL RELEASE AND WAIVER.doc
[2010/05/25 12:29:30 | 000,637,440 | ---- | M] () -- C:\Users\owner\Documents\check go 6801.wps
[2010/05/14 09:59:15 | 000,021,504 | ---- | M] () -- C:\Users\owner\Documents\LEIN.doc
[2010/05/14 08:22:34 | 000,021,504 | ---- | M] () -- C:\Users\owner\Documents\INTENT TO LEIN 2.doc

========== Files Created - No Company Name ==========

[2010/08/02 12:17:53 | 004,785,416 | ---- | C] () -- C:\Program Files (x86)\PrintEng.dll
[2010/08/02 12:17:51 | 000,008,378 | ---- | C] () -- C:\Program Files (x86)\shareupdate.htm
[2010/07/30 11:29:07 | 000,000,117 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/07/30 09:54:44 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{ed3be5c7-9be7-11df-96fc-002268667b60}.TMContainer00000000000000000002.regtrans-ms
[2010/07/30 09:54:44 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{ed3be5c7-9be7-11df-96fc-002268667b60}.TMContainer00000000000000000001.regtrans-ms
[2010/07/30 09:54:44 | 000,065,536 | -HS- | C] () -- C:\Users\owner\ntuser.dat{ed3be5c7-9be7-11df-96fc-002268667b60}.TM.blf
[2010/07/29 11:48:32 | 000,055,726 | ---- | C] () -- C:\Program Files (x86)\fsdyf.chm
[2010/07/29 11:48:30 | 000,055,144 | ---- | C] () -- C:\Program Files (x86)\QBFormHelp.chm
[2010/07/29 11:48:26 | 000,025,533 | ---- | C] () -- C:\Program Files (x86)\epay.htm
[2010/07/29 11:48:26 | 000,004,523 | ---- | C] () -- C:\Program Files (x86)\header_tf_all.gif
[2010/07/29 11:48:26 | 000,004,500 | ---- | C] () -- C:\Program Files (x86)\header_ef_all.gif
[2010/07/29 11:48:26 | 000,004,488 | ---- | C] () -- C:\Program Files (x86)\header_payroll_all.gif
[2010/07/29 11:48:26 | 000,004,464 | ---- | C] () -- C:\Program Files (x86)\header_tt_all.gif
[2010/07/29 11:48:26 | 000,004,412 | ---- | C] () -- C:\Program Files (x86)\header_share_update_all.gif
[2010/07/29 11:48:26 | 000,003,770 | ---- | C] () -- C:\Program Files (x86)\header_update_news.gif
[2010/07/29 11:48:26 | 000,003,768 | ---- | C] () -- C:\Program Files (x86)\header_tt_changes.gif
[2010/07/29 11:48:26 | 000,003,684 | ---- | C] () -- C:\Program Files (x86)\header_share_update.gif
[2010/07/29 11:48:26 | 000,001,156 | ---- | C] () -- C:\Program Files (x86)\copyright.gif
[2010/07/29 11:48:26 | 000,000,091 | ---- | C] () -- C:\Program Files (x86)\bolt.gif
[2010/07/23 16:02:46 | 000,009,432 | ---- | C] () -- C:\Program Files (x86)\qbm3t2.dat
[2010/07/23 15:57:14 | 001,468,604 | ---- | C] () -- C:\Program Files (x86)\NozHelp.chm
[2010/07/23 15:57:14 | 000,015,476 | ---- | C] () -- C:\Program Files (x86)\UPSDynHelp.chm
[2010/07/23 15:49:12 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Premier - Contractor Edition 2008.lnk
[2010/07/23 15:48:39 | 000,000,057 | ---- | C] () -- C:\Program Files (x86)\asasrv.ini
[2010/07/23 15:46:59 | 000,010,589 | ---- | C] () -- C:\Program Files (x86)\reboot.bat
[2010/07/23 15:46:59 | 000,001,463 | ---- | C] () -- C:\Program Files (x86)\install.log
[2010/07/23 15:46:58 | 000,058,632 | R--- | C] () -- C:\Program Files (x86)\askforcd.exe
[2010/07/23 15:46:11 | 000,000,195 | ---- | C] () -- C:\Users\Public\Desktop\Process Credit Cards in QuickBooks.url
[2010/07/23 15:46:11 | 000,000,191 | ---- | C] () -- C:\Users\Public\Desktop\Support for QuickBooks.url
[2010/07/23 15:46:11 | 000,000,171 | ---- | C] () -- C:\Users\Public\Desktop\Checks & More for QuickBooks.url
[2010/07/23 15:46:11 | 000,000,156 | ---- | C] () -- C:\Users\Public\Desktop\Payroll for QuickBooks.url
[2010/07/23 14:57:02 | 000,000,894 | ---- | C] () -- C:\Users\owner\Desktop\Eusing Free Registry Cleaner.lnk
[2010/07/23 10:31:48 | 000,019,456 | ---- | C] () -- C:\Users\owner\Documents\Vehicle Acknowledgement.doc
[2010/07/16 16:04:53 | 000,196,608 | R--- | C] () -- C:\VISTA AIR SERVICES.QBW.TLG
[2010/07/02 09:22:43 | 000,019,456 | ---- | C] () -- C:\Users\owner\Documents\Notice to Employees 4th of July.doc
[2010/06/28 12:05:58 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/06/09 08:02:21 | 000,001,716 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_LEAA001EE8FBC41BCA6C01E0167781008.job
[2010/05/28 12:28:34 | 000,166,490 | ---- | C] () -- C:\Users\owner\Documents\ralph reciept license.xps
[2010/05/25 12:29:29 | 000,637,440 | ---- | C] () -- C:\Users\owner\Documents\check go 6801.wps
[2010/05/14 08:22:52 | 000,021,504 | ---- | C] () -- C:\Users\owner\Documents\LEIN.doc
[2010/01/25 10:04:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2009/10/20 14:21:30 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 14:20:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/19 13:48:20 | 000,000,091 | ---- | C] () -- C:\Windows\Retrieve10.INI
[2009/05/23 03:41:47 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/05/23 03:41:47 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2009/12/03 10:55:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Blitware
[2009/12/02 14:37:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CBeyond
[2009/12/02 12:27:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DeviceDoctorSoftware
[2009/10/22 10:08:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2010/04/22 09:01:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Thunderbird
[2010/07/18 13:48:10 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010/08/05 09:16:08 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/05 10:22:59 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{72EDB5BD-F36F-4944-9B56-03D8DD94DB63}.job
[2010/07/19 08:00:05 | 000,001,716 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L1D65FADE97CE4F3FAF7EF07B7F757C7C.job
[2010/08/02 16:00:01 | 000,001,716 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_LEAA001EE8FBC41BCA6C01E0167781008.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/28 12:05:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/09 23:43:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2005/09/23 02:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/02/04 13:29:43 | 000,000,842 | ---- | M] () -- C:\netfxlog.txt
[2010/08/05 09:21:17 | 044,314,622 | -HS- | M] () -- C:\pagefile.sys
[2009/05/23 03:38:13 | 000,002,531 | ---- | M] () -- C:\RHDSetup.log
[2010/06/28 11:34:48 | 000,001,724 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_28.06.2010_11.34.48_log.txt
[2009/12/28 12:06:27 | 000,000,370 | ---- | M] () -- C:\VISTA AIR SERVICES.ND
[2010/08/05 08:19:19 | 115,859,456 | R--- | M] () -- C:\VISTA AIR SERVICES.QBW
[2010/08/05 08:19:19 | 000,000,367 | ---- | M] () -- C:\VISTA AIR SERVICES.QBW.nd
[2010/08/05 08:19:19 | 000,196,608 | R--- | M] () -- C:\VISTA AIR SERVICES.QBW.TLG
[2009/10/23 15:42:19 | 000,000,357 | ---- | M] () -- C:\Vista(OLD).ND
[2010/07/23 18:28:13 | 294,957,056 | R--- | M] () -- C:\Vista(OLD).QBW
[2010/07/23 18:28:13 | 000,000,359 | ---- | M] () -- C:\Vista(OLD).QBW.nd
[2010/07/23 18:28:13 | 000,720,896 | R--- | M] () -- C:\Vista(OLD).QBW.TLG

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/04 09:14:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/09/16 19:32:50 | 000,959,776 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\abmapi.DLL
[2007/08/14 13:59:54 | 000,008,069 | ---- | M] () -- C:\Program Files (x86)\about_legal.txt
[2000/08/03 17:10:52 | 000,002,155 | ---- | M] () -- C:\Program Files (x86)\accent.tlx
[2009/09/16 19:32:50 | 001,705,248 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Accountant.DLL
[2009/09/16 19:32:50 | 000,304,416 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\AccountRegistersUI.DLL
[2009/09/16 19:32:50 | 000,857,376 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ACE.DLL
[2006/05/30 09:32:40 | 000,503,000 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdf.dll
[2007/06/28 13:29:34 | 000,318,064 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdf.drv
[2006/04/12 11:11:42 | 000,000,109 | ---- | M] () -- C:\Program Files (x86)\acfpdf.txt
[2006/05/30 09:32:40 | 000,282,488 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfnt.dll
[2009/01/20 17:33:30 | 000,434,339 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfu.dll
[2009/01/20 17:33:30 | 000,541,184 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfuamd64.dll
[2009/01/20 17:33:30 | 000,403,973 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfui.dll
[2006/07/12 15:11:26 | 001,093,632 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfuia64.dll
[2009/01/20 17:33:30 | 000,425,472 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfuiamd64.dll
[2006/07/12 15:11:26 | 000,346,112 | ---- | M] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfuiia64.dll
[2009/09/16 19:32:52 | 000,070,944 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ACM.DLL
[2007/06/28 14:09:26 | 001,843,200 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\acXMLParser.dll
[2009/09/16 19:32:52 | 000,349,472 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ADR.DLL
[2009/01/20 17:33:30 | 000,003,144 | ---- | M] () -- C:\Program Files (x86)\amyuni.inf
[2009/09/16 19:32:52 | 001,123,616 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\APPCORE.DLL
[2010/08/05 08:04:35 | 000,000,057 | ---- | M] () -- C:\Program Files (x86)\asasrv.ini
[2007/09/04 16:35:08 | 000,058,632 | R--- | M] () -- C:\Program Files (x86)\askforcd.exe
[2009/01/20 17:33:30 | 000,010,739 | ---- | M] () -- C:\Program Files (x86)\atpdf300.cat
[2009/09/16 19:32:44 | 000,333,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\AutoBackupEXE.exe
[2009/09/16 19:32:52 | 000,054,560 | ---- | M] ( ) -- C:\Program Files (x86)\AxSHDocVw.dll
[2004/09/10 15:00:36 | 000,088,348 | ---- | M] () -- C:\Program Files (x86)\big5bin.ust
[2004/09/10 15:00:34 | 000,122,194 | ---- | M] () -- C:\Program Files (x86)\big5hk.uct
[2009/09/16 19:32:54 | 000,165,152 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\BizUtil.dll
[2010/08/02 12:17:33 | 000,000,091 | ---- | M] () -- C:\Program Files (x86)\bolt.gif
[2009/09/16 19:32:56 | 000,128,288 | ---- | M] (Intuit Technology Services) -- C:\Program Files (x86)\BopSdkRequestProcessor.dll
[2009/09/16 19:32:56 | 001,987,872 | ---- | M] (Intuit) -- C:\Program Files (x86)\BusinessObjectProvider.dll
[2006/06/30 06:50:38 | 000,060,623 | ---- | M] () -- C:\Program Files (x86)\bustax.scd
[2009/01/20 17:33:30 | 003,833,856 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\cdintf.dll
[2006/09/14 10:23:10 | 000,295,606 | ---- | M] () -- C:\Program Files (x86)\Checks & More for QuickBooks.ico
[2009/09/16 19:32:56 | 000,103,712 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\cindexdb.dll
[2005/06/28 14:48:06 | 000,021,551 | ---- | M] () -- C:\Program Files (x86)\coa.dat
[2003/03/13 12:27:46 | 000,000,362 | ---- | M] () -- C:\Program Files (x86)\components.dat
[2007/09/04 15:02:22 | 004,300,552 | ---- | M] () -- C:\Program Files (x86)\convertible.exe
[2007/09/20 17:10:40 | 000,000,816 | ---- | M] () -- C:\Program Files (x86)\convert_stub.dat
[2007/10/29 15:10:58 | 000,037,888 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\convert_stub.dll
[2010/08/02 12:17:33 | 000,001,156 | ---- | M] () -- C:\Program Files (x86)\copyright.gif
[2000/08/03 17:10:52 | 000,021,491 | ---- | M] () -- C:\Program Files (x86)\correct.tlx
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp037.uct
[2004/09/10 15:00:34 | 000,003,320 | ---- | M] () -- C:\Program Files (x86)\cp1006.uct
[2004/09/10 15:00:34 | 000,003,015 | ---- | M] () -- C:\Program Files (x86)\cp1026.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1140.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1141.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1142.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1143.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1144.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1145.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1146.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1147.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1148.uct
[2004/09/10 15:00:34 | 000,002,950 | ---- | M] () -- C:\Program Files (x86)\cp1149.uct
[2004/09/10 15:00:34 | 000,003,256 | ---- | M] () -- C:\Program Files (x86)\cp1250.uct
[2004/09/10 15:00:34 | 000,003,197 | ---- | M] () -- C:\Program Files (x86)\cp1251.uct
[2004/09/10 15:00:34 | 000,003,198 | ---- | M] () -- C:\Program Files (x86)\cp1252.uct
[2004/09/10 15:00:34 | 000,003,186 | ---- | M] () -- C:\Program Files (x86)\cp1253.uct
[2004/09/10 15:00:34 | 000,003,250 | ---- | M] () -- C:\Program Files (x86)\cp1254.uct
[2004/09/10 15:00:34 | 000,003,210 | ---- | M] () -- C:\Program Files (x86)\cp1255.uct
[2004/09/10 15:00:34 | 000,003,349 | ---- | M] () -- C:\Program Files (x86)\cp1256.uct
[2004/09/10 15:00:34 | 000,003,255 | ---- | M] () -- C:\Program Files (x86)\cp1257.uct
[2004/09/10 15:00:34 | 000,003,346 | ---- | M] () -- C:\Program Files (x86)\cp1258.uct
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp273.uct
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp277.uct
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp278.uct
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp280.uct
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp284.uct
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp285.uct
[2004/09/10 15:00:34 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp297.uct
[2004/09/10 15:00:34 | 000,060,758 | ---- | M] () -- C:\Program Files (x86)\cp300.uct
[2004/09/10 15:00:36 | 000,002,971 | ---- | M] () -- C:\Program Files (x86)\cp424.uct
[2004/09/10 15:00:36 | 000,003,309 | ---- | M] () -- C:\Program Files (x86)\cp437.uct
[2004/09/10 15:00:36 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp500.uct
[2004/09/10 15:00:36 | 000,003,259 | ---- | M] () -- C:\Program Files (x86)\cp737.uct
[2004/09/10 15:00:36 | 000,003,247 | ---- | M] () -- C:\Program Files (x86)\cp775.uct
[2004/09/10 15:00:36 | 000,115,694 | ---- | M] () -- C:\Program Files (x86)\cp834.uct
[2004/09/10 15:00:36 | 000,101,030 | ---- | M] () -- C:\Program Files (x86)\cp835.uct
[2004/09/10 15:00:36 | 000,066,518 | ---- | M] () -- C:\Program Files (x86)\cp837.uct
[2004/09/10 15:00:36 | 000,003,213 | ---- | M] () -- C:\Program Files (x86)\cp850.uct
[2004/09/10 15:00:36 | 000,003,260 | ---- | M] () -- C:\Program Files (x86)\cp852.uct
[2004/09/10 15:00:36 | 000,003,142 | ---- | M] () -- C:\Program Files (x86)\cp855.uct
[2004/09/10 15:00:36 | 000,003,134 | ---- | M] () -- C:\Program Files (x86)\cp856.uct
[2004/09/10 15:00:36 | 000,003,194 | ---- | M] () -- C:\Program Files (x86)\cp857.uct
[2004/09/10 15:00:36 | 000,003,265 | ---- | M] () -- C:\Program Files (x86)\cp858.uct
[2004/09/10 15:00:36 | 000,003,287 | ---- | M] () -- C:\Program Files (x86)\cp860.uct
[2004/09/10 15:00:36 | 000,003,308 | ---- | M] () -- C:\Program Files (x86)\cp861.uct
[2004/09/10 15:00:36 | 000,003,333 | ---- | M] () -- C:\Program Files (x86)\cp862.uct
[2004/09/10 15:00:36 | 000,003,370 | ---- | M] () -- C:\Program Files (x86)\cp863.uct
[2004/09/10 15:00:36 | 000,003,407 | ---- | M] () -- C:\Program Files (x86)\cp864.uct
[2004/09/10 15:00:36 | 000,003,309 | ---- | M] () -- C:\Program Files (x86)\cp865.uct
[2004/09/10 15:00:36 | 000,003,141 | ---- | M] () -- C:\Program Files (x86)\cp866.uct
[2004/09/10 15:00:36 | 000,003,130 | ---- | M] () -- C:\Program Files (x86)\cp869.uct
[2004/09/10 15:00:36 | 000,002,947 | ---- | M] () -- C:\Program Files (x86)\cp871.uct
[2004/09/10 15:00:36 | 000,003,196 | ---- | M] () -- C:\Program Files (x86)\cp874.uct
[2004/09/10 15:00:36 | 000,002,957 | ---- | M] () -- C:\Program Files (x86)\cp874ibm.uct
[2004/09/10 15:00:36 | 000,061,586 | ---- | M] () -- C:\Program Files (x86)\cp932.uct
[2004/09/10 15:00:36 | 000,090,404 | ---- | M] () -- C:\Program Files (x86)\cp932bin.ust
[2004/09/10 15:00:36 | 000,063,278 | ---- | M] () -- C:\Program Files (x86)\cp932ms.uct
[2004/09/10 15:00:36 | 000,063,278 | ---- | M] () -- C:\Program Files (x86)\cp932ms2.uct
[2005/11/02 17:29:26 | 000,063,278 | ---- | M] () -- C:\Program Files (x86)\cp932ms3.uct
[2004/09/10 15:00:36 | 000,094,134 | ---- | M] () -- C:\Program Files (x86)\cp936.uct
[2004/09/10 15:00:36 | 000,105,996 | ---- | M] () -- C:\Program Files (x86)\cp949.uct
[2004/09/10 15:00:36 | 000,107,370 | ---- | M] () -- C:\Program Files (x86)\cp950.uct
[2004/09/10 15:00:36 | 000,002,156 | ---- | M] () -- C:\Program Files (x86)\cyrdict.ust
[2009/09/16 19:32:58 | 007,415,072 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DatabaseManager.DLL
[2006/10/24 10:27:06 | 000,185,872 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbcon9.dll
[2006/10/24 10:27:06 | 000,230,928 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbctrs9.dll
[2006/10/24 10:27:08 | 000,484,880 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbdata9.dll
[2006/01/18 15:06:58 | 001,017,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\dbghelp.dll
[2006/10/24 10:27:08 | 000,665,104 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dblgen9.dll
[2006/10/24 10:27:08 | 000,505,360 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dblib9.dll
[2009/09/16 19:32:44 | 000,070,944 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DBManagerExe.exe
[2006/02/23 13:50:46 | 000,005,770 | ---- | M] () -- C:\Program Files (x86)\dbmem.vxd
[2008/01/10 18:44:18 | 000,558,384 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbmlhttps9.dll
[2004/10/19 17:52:38 | 000,483,328 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbmlrsa9.dll
[2006/02/23 13:13:24 | 000,126,976 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbmlsock9.dll
[2006/02/23 12:36:24 | 000,204,800 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbmlsync.exe
[2004/01/12 17:08:12 | 000,000,328 | ---- | M] () -- C:\Program Files (x86)\dbmngr.dat
[2006/10/24 10:27:10 | 003,773,968 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbserv9.dll
[2008/01/17 10:10:30 | 000,935,216 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbtool9.dll
[2008/01/17 10:10:30 | 000,935,216 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbtool9a.dll
[2006/10/24 10:27:10 | 000,460,304 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\dbunic9.dll
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2009/09/16 19:32:58 | 000,214,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMAUDIT.DLL
[2009/09/16 19:32:58 | 000,087,328 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMBUDGET.DLL
[2009/09/16 19:32:58 | 000,202,016 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMCore.dll
[2009/09/16 19:33:00 | 000,554,272 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMdqe.DLL
[2009/09/16 19:33:00 | 001,213,728 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMEDL.dll
[2009/09/16 19:33:00 | 000,095,520 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMInventory.DLL
[2009/09/16 19:33:00 | 000,083,232 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\dmolb.dll
[2009/09/16 19:33:00 | 000,177,440 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMPAYROLL.DLL
[2009/09/16 19:33:00 | 000,065,824 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMPREFS.DLL
[2009/09/16 19:33:00 | 000,083,232 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMSYSTEM.DLL
[2009/09/16 19:33:00 | 000,087,328 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMTIME.DLL
[2009/09/16 19:33:02 | 003,937,568 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\dmtxn.dll
[2009/09/16 19:33:02 | 000,099,616 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMUI.DLL
[2009/09/16 19:33:02 | 000,144,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\DMUSERS.dll
[2004/09/10 15:00:36 | 000,075,984 | ---- | M] () -- C:\Program Files (x86)\dynix.ust
[2009/09/16 19:33:02 | 000,902,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ELCORE.DLL
[2010/08/02 12:17:33 | 000,025,533 | ---- | M] () -- C:\Program Files (x86)\epay.htm
[2007/08/20 01:23:36 | 000,037,761 | ---- | M] () -- C:\Program Files (x86)\err_rep.chm
[2009/09/16 19:33:02 | 000,024,864 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ESHELL.DLL
[2004/09/10 15:00:36 | 000,087,924 | ---- | M] () -- C:\Program Files (x86)\euccns.uct
[2004/09/10 15:00:36 | 000,058,834 | ---- | M] () -- C:\Program Files (x86)\eucgb.uct
[2004/09/10 15:00:36 | 000,087,800 | ---- | M] () -- C:\Program Files (x86)\eucjisbn.ust
[2004/09/10 15:00:36 | 000,085,426 | ---- | M] () -- C:\Program Files (x86)\eucksc.uct
[2004/09/10 15:00:36 | 000,133,376 | ---- | M] () -- C:\Program Files (x86)\euckscbn.ust
[2007/08/27 10:59:12 | 000,076,888 | ---- | M] () -- C:\Program Files (x86)\EULA.html
[2007/08/28 10:43:38 | 000,074,238 | ---- | M] () -- C:\Program Files (x86)\EULA.txt
[2003/07/09 16:33:52 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\EURD.txt
[2009/09/16 19:33:04 | 000,173,344 | ---- | M] (Intuit) -- C:\Program Files (x86)\ExcelPayrollDataSource.dll
[2009/09/16 19:33:04 | 000,095,520 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\FeatureMgr.DLL
[2009/09/16 19:33:04 | 005,358,880 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\FEATURES.DLL
[2007/11/12 21:36:06 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\feedback.chm
[2009/09/16 19:32:44 | 000,685,344 | ---- | M] () -- C:\Program Files (x86)\FileManagement.exe
[2006/07/07 16:16:50 | 000,001,603 | ---- | M] () -- C:\Program Files (x86)\FileManagement.exe.config
[2009/09/16 19:33:04 | 000,042,784 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\FileManifest.DLL
[2009/09/16 19:33:04 | 000,124,192 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\FileMovement.DLL
[2009/09/16 19:32:44 | 000,083,232 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\FileMovementExe.exe
[1999/11/16 12:57:54 | 000,133,004 | ---- | M] () -- C:\Program Files (x86)\filters.il
[2010/07/23 16:59:40 | 000,055,726 | ---- | M] () -- C:\Program Files (x86)\fsdyf.chm
[2004/09/10 15:00:36 | 000,105,106 | ---- | M] () -- C:\Program Files (x86)\gb18030.uct
[2004/09/10 15:00:36 | 000,083,356 | ---- | M] () -- C:\Program Files (x86)\gb2312bn.ust
[2004/09/10 15:00:36 | 000,075,984 | ---- | M] () -- C:\Program Files (x86)\gbpinyin.ust
[2009/09/16 19:33:04 | 000,779,552 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\GBTDataAccess.dll
[2004/05/04 11:53:40 | 001,645,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\gdiplus.dll
[2009/09/16 19:32:46 | 001,831,200 | ---- | M] (Google) -- C:\Program Files (x86)\GoogleDesktopSetup.exe
[2004/09/10 15:00:36 | 000,002,951 | ---- | M] () -- C:\Program Files (x86)\greek8.uct
[2010/08/02 12:17:33 | 000,004,500 | ---- | M] () -- C:\Program Files (x86)\header_ef_all.gif
[2010/08/02 12:17:33 | 000,004,488 | ---- | M] () -- C:\Program Files (x86)\header_payroll_all.gif
[2010/08/02 12:17:33 | 000,003,684 | ---- | M] () -- C:\Program Files (x86)\header_share_update.gif
[2010/08/02 12:17:33 | 000,004,412 | ---- | M] () -- C:\Program Files (x86)\header_share_update_all.gif
[2010/08/02 12:17:33 | 000,004,523 | ---- | M] () -- C:\Program Files (x86)\header_tf_all.gif
[2010/08/02 12:17:33 | 000,004,464 | ---- | M] () -- C:\Program Files (x86)\header_tt_all.gif
[2010/08/02 12:17:33 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\header_tt_changes.gif
[2010/08/02 12:17:33 | 000,003,770 | ---- | M] () -- C:\Program Files (x86)\header_update_news.gif
[2009/09/16 19:33:04 | 000,070,944 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HelpAsyncPluggableProtocol.dll
[2009/09/16 19:33:06 | 000,042,272 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\HelpDataAccess.dll
[2009/09/16 19:33:06 | 000,046,368 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\HelpFileSystem.dll
[2009/09/16 19:33:06 | 000,024,352 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HelpInterfaces.dll
[2009/09/16 19:33:06 | 000,025,888 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\HelpSearch.dll
[2009/09/16 19:33:06 | 000,025,888 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\HelpSystem.dll
[2009/09/16 19:33:06 | 000,029,984 | ---- | M] () -- C:\Program Files (x86)\HelpUtilities.dll
[2009/09/16 19:33:06 | 000,169,248 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\HelpViewer.dll
[1999/11/11 13:14:46 | 000,000,079 | ---- | M] () -- C:\Program Files (x86)\help_close.gif
[2006/10/24 11:30:16 | 000,004,006 | ---- | M] () -- C:\Program Files (x86)\HowToRestoreExternalFiles.txt
[2009/09/16 19:33:06 | 000,066,848 | ---- | M] () -- C:\Program Files (x86)\htmlhelper.dll
[2006/10/24 10:27:12 | 000,140,816 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\iAnywhere.Data.AsaClient.dll
[2009/09/16 19:33:06 | 000,181,536 | ---- | M] (ICSharpCode.net) -- C:\Program Files (x86)\ICSharpCode.SharpZipLib.dll
[2009/09/16 19:33:08 | 000,161,056 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ICWrapper.dll
[1999/11/16 12:57:54 | 000,232,960 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\ilchoose.dll
[2002/07/25 14:49:24 | 000,000,526 | ---- | M] () -- C:\Program Files (x86)\iloptcfg.cfg
[1999/11/16 12:57:54 | 002,259,968 | ---- | M] () -- C:\Program Files (x86)\ilsdk.fil
[1999/11/16 12:57:54 | 001,276,928 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\ilsync.dll
[1999/11/16 12:57:54 | 000,627,200 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\iltif32.dll
[1999/11/16 12:57:54 | 000,339,968 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\ilx32.dll
[2000/03/21 15:12:36 | 000,415,744 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\ilxact3.fil
[2000/03/21 15:12:36 | 000,010,752 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\Ilxact3res.dll
[1999/11/16 12:57:54 | 001,955,328 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\ilxolk.fil
[1999/11/16 12:57:54 | 000,188,416 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\ilxolk_aux.dll
[2000/11/01 15:04:38 | 000,000,586 | ---- | M] () -- C:\Program Files (x86)\InboxMsg.ximt
[2009/01/20 17:33:30 | 000,221,184 | ---- | M] () -- C:\Program Files (x86)\Install.exe
[2010/07/23 16:05:31 | 000,001,463 | ---- | M] () -- C:\Program Files (x86)\install.log
[2009/09/16 19:33:08 | 000,021,280 | ---- | M] ( ) -- C:\Program Files (x86)\Interop.GoogleDesktopAPILib.dll
[2009/09/16 19:33:08 | 000,011,552 | ---- | M] ( ) -- C:\Program Files (x86)\Interop.HelpInterfaces.dll
[2009/09/16 19:33:08 | 000,015,648 | ---- | M] ( ) -- C:\Program Files (x86)\Interop.QBXMLRP2Lib.dll
[2005/04/07 16:05:14 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\IntuitSOPackingSlip.DES
[2005/07/05 13:58:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\IntuitSOPickList.DES
[2009/09/16 19:33:08 | 000,025,888 | ---- | M] () -- C:\Program Files (x86)\Intuit_FMM.dll
[2007/11/12 20:34:24 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\intuprod.des
[2007/11/12 20:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\intuprof.des
[2007/11/12 20:34:24 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\intuserv.des
[2007/11/12 20:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\intustmt.des
[2006/11/02 11:58:20 | 000,047,120 | ---- | M] (Intuit) -- C:\Program Files (x86)\iprof32.dll
[2004/09/10 15:00:36 | 000,003,078 | ---- | M] () -- C:\Program Files (x86)\iso10.uct
[2004/09/10 15:00:36 | 000,003,081 | ---- | M] () -- C:\Program Files (x86)\iso13.uct
[2004/09/10 15:00:36 | 000,003,304 | ---- | M] () -- C:\Program Files (x86)\iso14.uct
[2004/09/10 15:00:36 | 000,002,997 | ---- | M] () -- C:\Program Files (x86)\iso15.uct
[2004/09/10 15:00:36 | 000,003,097 | ---- | M] () -- C:\Program Files (x86)\iso88592.uct
[2004/09/10 15:00:36 | 000,003,067 | ---- | M] () -- C:\Program Files (x86)\iso88593.uct
[2004/09/10 15:00:36 | 000,003,096 | ---- | M] () -- C:\Program Files (x86)\iso88594.uct
[2004/09/10 15:00:36 | 000,002,965 | ---- | M] () -- C:\Program Files (x86)\iso88595.uct
[2004/09/10 15:00:36 | 000,002,912 | ---- | M] () -- C:\Program Files (x86)\iso88596.uct
[2004/09/10 15:00:36 | 000,002,963 | ---- | M] () -- C:\Program Files (x86)\iso88597.uct
[2004/09/10 15:00:36 | 000,002,978 | ---- | M] () -- C:\Program Files (x86)\iso88598.uct
[2004/09/10 15:00:36 | 000,003,015 | ---- | M] () -- C:\Program Files (x86)\iso88599.uct
[1999/12/29 15:48:38 | 000,002,097 | ---- | M] () -- C:\Program Files (x86)\ivpay.iif
[2004/09/10 15:00:36 | 000,003,268 | ---- | M] () -- C:\Program Files (x86)\koi8.uct
[2007/11/12 20:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Layaway Sales Order.DES
[2006/10/24 10:27:12 | 000,087,568 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\libsybbr.dll
[1999/10/18 12:14:12 | 000,106,678 | ---- | M] () -- C:\Program Files (x86)\logo.bmp
[2009/09/16 19:33:08 | 000,091,424 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\lwtracking.dll
[2004/09/10 15:00:36 | 000,003,247 | ---- | M] () -- C:\Program Files (x86)\mac.uct
[2004/09/10 15:00:36 | 000,003,100 | ---- | M] () -- C:\Program Files (x86)\macgrk2.uct
[2004/09/10 15:00:36 | 000,002,998 | ---- | M] () -- C:\Program Files (x86)\macthai.uct
[2004/09/10 15:00:36 | 000,003,356 | ---- | M] () -- C:\Program Files (x86)\macturk.uct
[2004/09/10 15:00:36 | 000,003,178 | ---- | M] () -- C:\Program Files (x86)\mac_cyr.uct
[2004/09/10 15:00:36 | 000,003,227 | ---- | M] () -- C:\Program Files (x86)\mac_ee.uct
[2004/09/10 15:00:36 | 000,003,351 | ---- | M] () -- C:\Program Files (x86)\mac_euro.uct
[2004/09/10 15:00:36 | 000,003,052 | ---- | M] () -- C:\Program Files (x86)\mac_grk.uct
[2009/09/16 19:33:08 | 000,116,000 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\MasRecon.dll
[2009/09/16 19:33:08 | 000,054,560 | ---- | M] () -- C:\Program Files (x86)\mbpopup.dll
[2009/09/16 19:33:08 | 000,132,384 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\MerchantCard.dll
[2009/09/16 19:33:10 | 008,013,088 | ---- | M] ( ) -- C:\Program Files (x86)\Microsoft.mshtml.dll
[2009/09/16 19:33:10 | 000,492,832 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\MigrationEngine.DLL
[2009/09/16 19:33:10 | 000,230,688 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\msgDBAddIn.dll
[2009/09/16 19:33:10 | 000,024,352 | ---- | M] ( ) -- C:\Program Files (x86)\MsHtmHstInterop.dll
[2009/09/16 19:33:12 | 008,086,816 | ---- | M] ( ) -- C:\Program Files (x86)\MSHTML.dll
[2009/09/16 19:33:12 | 000,202,016 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\NAAuthTool.dll
[2009/09/16 19:33:12 | 000,218,400 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\NetworkAdapterManager.dll
[2010/07/23 16:19:01 | 001,468,604 | ---- | M] () -- C:\Program Files (x86)\NozHelp.chm
[2007/07/10 20:26:28 | 000,002,054 | ---- | M] () -- C:\Program Files (x86)\NUCOA1040.iif
[2007/07/11 16:49:36 | 000,001,992 | ---- | M] () -- C:\Program Files (x86)\NUCOA1065.iif
[2007/07/11 16:49:36 | 000,001,932 | ---- | M] () -- C:\Program Files (x86)\NUCOA1120.iif
[2007/07/11 16:49:36 | 000,001,845 | ---- | M] () -- C:\Program Files (x86)\NUCOA1120s.iif
[2007/07/11 16:49:36 | 000,001,768 | ---- | M] () -- C:\Program Files (x86)\NUCOA_US.iif
[2004/02/25 16:25:34 | 000,004,145 | ---- | M] () -- C:\Program Files (x86)\nuitems.iif
[2007/07/11 16:49:34 | 000,001,886 | ---- | M] () -- C:\Program Files (x86)\NUUCOA.IIF
[2006/11/02 11:58:20 | 002,876,944 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\oesdkrf.dll
[2002/03/20 13:04:30 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\ofxroots.crt
[2009/09/16 18:46:04 | 000,143,360 | ---- | M] (Connected Corporation) -- C:\Program Files (x86)\OLBService.dll
[2009/09/16 19:33:12 | 000,095,520 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\OPAQUEBUFFER.DLL
[2007/11/12 20:34:24 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\PackingSlip.DES
[2002/02/27 18:50:00 | 000,197,120 | ---- | M] () -- C:\Program Files (x86)\patchw32.dll
[2009/09/16 19:33:14 | 001,656,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\paycore.DLL
[2009/09/16 19:33:14 | 004,785,440 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\PAYRES.DLL
[2010/08/02 12:17:33 | 000,080,854 | ---- | M] () -- C:\Program Files (x86)\payrollforms.htm
[2010/08/02 12:17:33 | 000,015,252 | ---- | M] () -- C:\Program Files (x86)\payrollupdate.htm
[2006/09/14 10:23:12 | 000,295,606 | ---- | M] () -- C:\Program Files (x86)\payroll_employee.ico
[2009/09/16 19:33:14 | 001,721,632 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\PAYSERV.DLL
[2009/09/16 19:33:14 | 000,840,992 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\PAYUTIL.DLL
[2009/09/16 19:33:14 | 000,505,120 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\payxsgen.DLL
[2009/09/16 19:33:14 | 000,136,480 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\PM.DLL
[2009/09/16 19:33:16 | 002,372,896 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\PortFile.DLL
[2010/08/02 12:17:33 | 000,122,880 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\pr2frm32.usa
[2009/09/16 19:33:16 | 001,496,352 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\PREFS.DLL
[2010/07/23 17:14:22 | 004,785,416 | ---- | M] () -- C:\Program Files (x86)\PrintEng.dll
[2009/09/16 19:33:16 | 000,075,040 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\PRLoader.dll
[2009/09/16 19:33:16 | 000,066,848 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PRNotificationLoader.dll
[2006/09/14 10:23:12 | 000,295,606 | ---- | M] () -- C:\Program Files (x86)\Process Credit Cards in QuickBooks.ico
[1999/03/12 21:30:30 | 000,000,166 | ---- | M] () -- C:\Program Files (x86)\pubkey
[2009/09/16 19:33:16 | 000,247,072 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBA32_V2.DLL
[2009/09/16 19:33:16 | 000,173,344 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBATTR32.DLL
[2009/09/16 19:33:16 | 000,611,616 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbbrow32.DLL
[2000/01/19 16:39:14 | 000,007,017 | ---- | M] () -- C:\Program Files (x86)\qbcact.sys
[2009/09/16 19:33:18 | 001,320,224 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBCHAO32.DLL
[2009/09/16 19:33:18 | 000,148,768 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbci32.dll
[2009/09/16 19:33:18 | 000,726,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBCONV32.DLL
[2004/05/10 10:39:42 | 000,001,197 | ---- | M] () -- C:\Program Files (x86)\qbcpgs.sys
[2002/09/27 13:30:22 | 000,005,500 | ---- | M] () -- C:\Program Files (x86)\qbcqst.sys
[2006/09/13 10:32:04 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\QBDBMgr.exe
[2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\QBDBMgrN.exe
[2009/09/16 19:33:18 | 000,009,504 | ---- | M] () -- C:\Program Files (x86)\QBDIE.dll
[2009/09/16 19:33:18 | 000,009,504 | ---- | M] () -- C:\Program Files (x86)\QBDIEIIFFileIO.dll
[2009/09/16 19:33:18 | 000,009,504 | ---- | M] (Intuit) -- C:\Program Files (x86)\QBDIEInterfaces.dll
[2009/09/16 19:33:18 | 000,009,504 | ---- | M] () -- C:\Program Files (x86)\QBDIESDKProxy.dll
[2009/09/16 19:33:18 | 000,009,504 | ---- | M] () -- C:\Program Files (x86)\QBDIEUtil.dll
[2009/09/16 19:33:18 | 002,286,880 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbdomain.DLL
[2001/03/28 14:13:54 | 000,001,646 | ---- | M] () -- C:\Program Files (x86)\qbdtsrc.sys
[2009/09/16 19:32:46 | 001,021,216 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\QBEGTool.exe
[2009/09/16 19:33:20 | 001,537,312 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbform32.DLL
[2010/07/23 17:14:22 | 000,055,144 | ---- | M] () -- C:\Program Files (x86)\QBFormHelp.chm
[2009/09/16 19:32:48 | 002,512,160 | ---- | M] (Intuit) -- C:\Program Files (x86)\QBGDSPlugin.exe
[2006/12/28 16:33:30 | 000,000,199 | ---- | M] () -- C:\Program Files (x86)\QBGDSPlugin.exe.config
[2009/09/16 19:32:48 | 000,062,752 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\QBHelp.exe
[2007/06/15 18:01:04 | 000,000,449 | ---- | M] () -- C:\Program Files (x86)\QBHelp.exe.config
[2009/09/16 19:32:48 | 000,009,504 | ---- | M] (Intuit) -- C:\Program Files (x86)\QBImport.exe
[2009/09/16 19:33:20 | 000,103,712 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBInbox.dll
[2009/09/16 19:33:20 | 000,582,944 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBINSTAL.DLL
[2009/09/16 19:33:20 | 000,865,568 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBINTR32.DLL
[2009/09/16 19:33:20 | 000,173,344 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBITools.dll
[2009/09/16 19:33:22 | 003,286,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qblist32.DLL
[2010/07/23 16:02:46 | 000,009,432 | ---- | M] () -- C:\Program Files (x86)\qbm3t2.dat
[2006/08/18 09:59:54 | 000,006,872 | ---- | M] () -- C:\Program Files (x86)\QBMAnifest.xml
[2009/09/16 19:33:22 | 000,018,208 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBMFCT32.DLL
[2005/12/12 21:58:00 | 000,136,720 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBMRUConfig.exe
[2009/09/16 19:33:22 | 000,775,456 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbmsintg.DLL
[2009/09/16 19:33:22 | 001,611,040 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBOESD32.DLL
[2009/09/16 19:33:24 | 002,811,168 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBONLI32.DLL
[2009/09/16 19:33:24 | 000,361,760 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbot.dll
[2007/11/12 21:36:06 | 000,082,653 | ---- | M] () -- C:\Program Files (x86)\qbplan.chm
[2009/09/16 19:33:24 | 000,337,184 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBPrefs.dll
[2009/09/16 19:33:24 | 000,337,184 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBQWUT32.dll
[2009/09/16 19:33:24 | 000,320,800 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBSDKNotify.DLL
[2009/09/16 19:33:26 | 000,595,232 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBSendError20.dll
[2009/09/16 19:33:26 | 000,992,544 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBSTYL32.DLL
[2009/09/16 19:33:26 | 001,398,048 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbtool32.DLL
[2009/09/16 19:33:26 | 001,844,512 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbtxn32.DLL
[2009/09/16 19:33:26 | 000,562,464 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbutilities.DLL
[2009/09/16 19:32:48 | 001,135,904 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBW32.EXE
[2007/11/12 21:25:02 | 000,001,630 | ---- | M] () -- C:\Program Files (x86)\qbw32.exe.config
[2009/09/16 19:33:50 | 000,693,536 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBW32PremierContractor.exe
[2009/09/16 19:33:28 | 007,312,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbwfls32.dll
[2009/09/16 19:33:28 | 005,215,520 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBWIN32.DLL
[2009/09/16 19:33:28 | 004,703,520 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBWMain.DLL
[2006/01/19 22:50:16 | 000,160,256 | ---- | M] () -- C:\Program Files (x86)\qbword.dot
[2009/09/16 19:33:28 | 000,443,680 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbwpr32.DLL
[2006/11/02 11:58:20 | 000,198,160 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qbwpsrun.dll
[2009/09/16 19:33:30 | 002,901,280 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBWRPT32.DLL
[2009/09/16 19:33:30 | 000,709,920 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\QBXLAdin.dll
[2009/09/16 19:33:30 | 000,378,144 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\QBXMLRP.dll
[1999/12/06 14:11:20 | 000,021,830 | ---- | M] () -- C:\Program Files (x86)\qb_ps_logo.gif
[2007/10/29 09:41:16 | 000,528,384 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qdb.dll
[2010/08/02 12:17:34 | 000,145,790 | ---- | M] () -- C:\Program Files (x86)\qpstbl2.usa
[2007/07/10 17:26:02 | 000,295,606 | ---- | M] () -- C:\Program Files (x86)\QuickBooks Technical Support.ico
[2009/09/16 16:37:32 | 000,027,914 | ---- | M] () -- C:\Program Files (x86)\quickbooks.qbot
[2007/09/20 17:11:20 | 003,605,792 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\qwutil.dll
[2009/09/16 19:33:32 | 000,103,712 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\RcnFndRequestHandler.dll
[2009/09/16 19:33:32 | 000,140,576 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\RcvPmtRequestHandler.dll
[2006/10/10 11:27:06 | 000,004,781 | ---- | M] () -- C:\Program Files (x86)\readme.txt
[2010/07/23 16:05:30 | 000,010,589 | ---- | M] () -- C:\Program Files (x86)\reboot.bat
[2004/08/31 13:50:06 | 000,012,816 | ---- | M] () -- C:\Program Files (x86)\regqb.dat
[2007/06/28 13:17:48 | 000,002,164 | ---- | M] () -- C:\Program Files (x86)\reg_legal.html
[2007/11/12 20:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Retail Estimate.DES
[2007/11/12 20:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Retail Sales Order.DES
[2007/11/12 20:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Return Receipt.DES
[2009/09/16 19:33:32 | 000,218,400 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ReverseMigrator.DLL
[2004/09/10 15:00:36 | 000,003,173 | ---- | M] () -- C:\Program Files (x86)\roman8.uct
[2004/09/10 15:00:36 | 000,003,181 | ---- | M] () -- C:\Program Files (x86)\roman9.uct
[2004/09/10 15:00:36 | 000,002,156 | ---- | M] () -- C:\Program Files (x86)\rusdict.ust
[2006/09/18 14:37:48 | 000,143,006 | ---- | M] () -- C:\Program Files (x86)\SAMPLE_PRODUCT-BASED BUSINESS.BPW
[2004/11/09 18:49:28 | 000,069,006 | ---- | M] () -- C:\Program Files (x86)\sample_product-based business.lmr
[2006/09/18 14:37:48 | 000,137,265 | ---- | M] () -- C:\Program Files (x86)\SAMPLE_SERVICE-BASED BUSINESS.BPW
[2004/11/09 18:49:36 | 000,069,006 | ---- | M] () -- C:\Program Files (x86)\sample_service-based business.lmr
[2009/09/16 19:33:32 | 000,165,152 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\sdkcore.dll
[2009/09/16 19:33:32 | 004,859,168 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\sdkdatabind.DLL
[2009/09/16 19:33:32 | 000,039,712 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\sdkevent.dll
[2009/09/16 19:33:34 | 005,342,496 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\sdkqbimpl.dll
[2009/09/16 19:33:34 | 000,464,160 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\sdkutil.dll
[2009/09/16 19:33:34 | 000,288,032 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\SendForms.dll
[2010/08/02 12:17:34 | 000,008,378 | ---- | M] () -- C:\Program Files (x86)\shareupdate.htm
[2009/09/16 19:33:34 | 000,136,480 | ---- | M] ( ) -- C:\Program Files (x86)\SHDocVw.dll
[2009/09/16 19:33:34 | 000,116,000 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ShoeBox.dll
[2004/09/10 15:00:36 | 000,060,230 | ---- | M] () -- C:\Program Files (x86)\sjis.uct
[2004/09/10 15:00:36 | 000,087,800 | ---- | M] () -- C:\Program Files (x86)\sjisbin.ust
[2009/09/16 19:33:36 | 000,365,856 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\skucore.dll
[2009/09/16 18:46:04 | 000,155,648 | ---- | M] (Wintertree Software Inc.) -- C:\Program Files (x86)\SSCE5232.dll
[2000/08/03 17:10:52 | 000,007,691 | ---- | M] () -- C:\Program Files (x86)\ssceam.tlx
[2000/08/03 17:10:52 | 000,320,892 | ---- | M] () -- C:\Program Files (x86)\ssceam2.clx
[2009/09/16 19:33:36 | 000,066,848 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\StatusRequestHandler.dll
[2007/11/12 21:41:28 | 000,677,152 | ---- | M] (STLport Consulting, Inc.) -- C:\Program Files (x86)\stlport_r50.dll
[2009/09/16 18:46:04 | 000,552,960 | ---- | M] (STLport Consulting, Inc.) -- C:\Program Files (x86)\stlport_vc746.dll
[2009/09/16 19:33:36 | 000,496,928 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\StopQBServer.dll
[1999/11/16 12:57:54 | 000,224,768 | ---- | M] (Puma Technology, Inc.) -- C:\Program Files (x86)\support.exe
[2002/07/25 14:50:58 | 000,083,874 | ---- | M] () -- C:\Program Files (x86)\Tables.itb
[2009/09/16 19:33:36 | 000,079,136 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\TaxAlertsECL.dll
[2009/09/16 19:32:48 | 000,611,616 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\TechHelp.exe
[2009/09/16 19:33:36 | 002,041,120 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\TEJ32.DLL
[2009/09/16 19:33:38 | 000,128,288 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\TerminalDownloadTool.dll
[1999/11/16 12:57:54 | 000,161,280 | ---- | M] (Puma Technology) -- C:\Program Files (x86)\TIFSdk.dll
[2009/09/16 19:32:50 | 000,095,520 | ---- | M] (Intuit) -- C:\Program Files (x86)\TimeTrackingDenali.ocx
[2004/09/10 15:00:36 | 000,002,904 | ---- | M] () -- C:\Program Files (x86)\tis620.uct
[2009/09/16 19:33:38 | 000,271,648 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\TIUpload.dll
[2009/09/16 19:33:38 | 000,591,136 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\TRACKING.DLL
[2009/09/16 19:33:38 | 000,025,888 | ---- | M] () -- C:\Program Files (x86)\TSAF.dll
[2010/08/02 12:17:34 | 000,079,254 | ---- | M] () -- C:\Program Files (x86)\ttchange.htm
[2004/09/10 15:00:36 | 000,003,216 | ---- | M] () -- C:\Program Files (x86)\turdict.ust
[2004/09/10 15:00:36 | 000,003,236 | ---- | M] () -- C:\Program Files (x86)\turkish8.uct
[2007/11/12 21:22:20 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\tx2for32.USA
[2009/09/16 19:33:38 | 002,250,016 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\txncore.DLL
[2009/09/16 19:33:38 | 002,311,456 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\TXNFORM.DLL
[2006/09/11 15:28:12 | 000,022,380 | ---- | M] () -- C:\Program Files (x86)\UCOA.IIF
[2010/07/23 16:05:43 | 000,000,352 | ---- | M] () -- C:\Program Files (x86)\ud.dat
[2009/09/16 19:33:38 | 001,799,456 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\ui.DLL
[2009/09/16 19:33:40 | 000,022,816 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\UM.DLL
[2009/09/16 19:33:40 | 000,488,736 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\UpdateHelper.dll
[2009/09/16 19:33:40 | 000,963,872 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\UpgradeEngine.DLL
[2010/07/23 16:19:01 | 000,015,476 | ---- | M] () -- C:\Program Files (x86)\UPSDynHelp.chm
[2010/07/23 16:05:43 | 000,000,059 | ---- | M] () -- C:\Program Files (x86)\util_db.ini
[2007/09/04 14:57:58 | 000,099,592 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\XENGINE.DLL
[2009/09/16 19:26:54 | 001,974,272 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\xerces-c_2_4_0MT.dll
[2009/09/16 18:46:08 | 001,916,928 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\xerces-c_2_5_0_qb.dll
[2010/07/23 17:14:22 | 002,312,648 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\xerces-c_2_8.dll
[2006/11/02 11:58:20 | 000,038,416 | ---- | M] () -- C:\Program Files (x86)\xmlparse.dll
[1999/11/16 12:57:54 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\zlib32.dll

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >


OTL Extras logfile created on: 8/5/2010 9:51:36 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.86 Gb Total Space | 726.35 Gb Free Space | 79.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- Reg Error: Key error. File not found
.vbs [@ = vbsfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 26 B7 E6 C7 5C 5D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C47883-DFEE-42BB-97A8-A7170E39F890}" = lport=138 | protocol=17 | dir=in | app=system |
"{0652DAA6-A8DE-4B03-A3B7-C592378C78EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{24A8EA77-B510-4716-811F-3D215DC34AF0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{277E32E5-96CA-4D98-A991-4A1BBE19311A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{380EEA67-0F33-48B2-9683-9773A6920177}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A8629BF-79AC-4CF2-B5B1-3A66D73F6F1B}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B3DB626-979D-470F-8721-169BD30397E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7350DE52-D954-4FBE-A0BD-C8254B7C3814}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7372230E-C5FC-49E7-A730-786E090BA599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F4E6F41-3D22-4659-BB8C-812AB4004885}" = lport=137 | protocol=17 | dir=in | app=system |
"{819E50D4-7349-4EE5-BFEB-2AF221BE8B9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{96C18B81-C37C-405A-8923-ED17D28054CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{96CF2B17-BFB6-4546-A572-B2AC3642AEAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98FB7975-9DE8-4AB1-AF62-87341AF39E0C}" = rport=138 | protocol=17 | dir=out | app=system |
"{999F44BC-E75B-49AE-8B72-2F7D6AC84F68}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A257F3A5-7ADA-40F3-8E4C-F6894A543CAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{AEAC61AC-C1FB-4DA2-81F3-6CB119AF3EBF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B03AF472-5056-4B6E-B78E-D218BB5E422B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B24C6595-5DF9-422B-BD93-E968AD1CC7FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B4799B3D-CECE-43F9-9BF0-24F4AE1B7C8B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CB94DEC9-ACC2-4FD8-85B5-7C348F15D503}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8525FD3-1BC6-4E3B-8C60-C37063115450}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D8A49741-52CB-48F5-B1A7-7E7DC4692756}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E37B7A66-88B5-42FA-A0D3-FA930A8B62FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E56559E0-029E-4A68-A48C-50B6E1486A4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3567979-BDB0-45B8-AF22-0A70754FB57E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FAB28BA7-68BA-4FD9-B512-84CF1D448C18}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E8D354F-259B-43E6-B673-E0B4F6EF800F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14142D20-C60F-4FD8-8573-93DC2CBA1693}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1AABCED8-08A4-4E26-A436-C6148F4599E6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qbserverutilitymgr.exe |
"{31869B61-9A32-4BFB-BAD7-1D7B85D5CAA7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{36D11DBF-3AAF-470B-8273-4C2F914E3272}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{398EA0BF-32FB-4828-8FB4-4BA85D520D72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D9C4593-8CF1-48E0-B908-F480AFCA271A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F36EE14-14E2-4F8B-A702-045A00242A07}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2008\qbw32premiercontractor.exe |
"{5917F5D1-6DBB-4959-99B0-604838ACE316}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{59BB9AB5-7380-4B38-9E93-AD0C4A69BDD4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft money 2007\mnycorefiles\msmoney.exe |
"{5D2CEDB3-4EF8-45B3-92B9-C6C38961FA81}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qbserverutilitymgr.exe |
"{5F9DD504-B6EE-43AF-97FE-E8186774945F}" = protocol=1 | dir=in | [email protected],-28543 |
"{6AE4A1D9-4178-4A90-9F21-0F5C391A9416}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A18AD9D-278E-416E-A02D-E4E91F8FB8E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BE8DC1B-6BB4-48C9-99EC-8AB90F520F67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D397752-319E-46C1-80C2-BCFC9D98EDAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E59C9E1-3320-4D83-BC72-538A48A98568}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF74A463-B451-4AA6-BAA2-A2E738584D84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6C2B155-48F5-4734-BB81-9A8A34F44355}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA4B1DAB-8324-45B7-B165-472D81E47EF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAED11C6-8E40-4297-AB02-0C41B4E45870}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE36543F-6924-473A-93E3-33B80D15028D}" = protocol=1 | dir=out | [email protected],-28544 |
"{CF992AF6-48FC-4F1E-99B0-DB527B87628F}" = protocol=58 | dir=in | [email protected],-28545 |
"{D374D6EE-271E-4C8C-BCC5-65E3252B8C4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E30E362B-3A41-49F9-817B-9A14CC480C6E}" = protocol=6 | dir=out | app=system |
"{E6001F06-88F1-4E0F-8BF9-4F20AF3D06E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E8C8A464-EE04-4D98-9EE7-DC8732F440FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EAAD5EDC-EF63-496C-B3AF-341E67084B18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F077A0C2-AA5D-47AA-9102-A1262B35F46A}" = protocol=58 | dir=out | [email protected],-28546 |
"{F3FB2A4A-9F28-4C12-AB11-03180FED62F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC7CF4B3-7FFF-443C-AAF9-A262810DC4F0}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2008\qbw32premiercontractor.exe |
"{FDE99F0D-9E9A-4C6B-B73A-BC67680CB0EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft money 2007\mnycorefiles\msmoney.exe |
"TCP Query User{77B2B738-A582-4CBF-A809-204D234F802A}C:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\t497uylv\ntrsupport_40619[1].exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\t497uylv\ntrsupport_40619[1].exe |
"TCP Query User{C8AE2FA1-0382-4338-9990-BA28D76DD29A}C:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2lhz0dy\ntrsupport_73833[1].exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2lhz0dy\ntrsupport_73833[1].exe |
"UDP Query User{9D10581C-2B9A-43A0-8C9D-D2F404F35FE9}C:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2lhz0dy\ntrsupport_73833[1].exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\i2lhz0dy\ntrsupport_73833[1].exe |
"UDP Query User{B57A154A-7007-4F4C-A9AD-A0C30B80D2E7}C:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\t497uylv\ntrsupport_40619[1].exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\t497uylv\ntrsupport_40619[1].exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5348C5B4-0F91-1402-8AFF-DFB04C569F5A}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AE425C00-EA1B-3C16-F028-879E6B0A846A}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"DAA594B1DF7489B1A713B5F1D23C4042AA7C83F9" = Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (03/21/2009 6.0.64.0057)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0B81DD2B-189B-AC27-E725-BC0271C4235B}" = Catalyst Control Center Localization Dutch
"{0D99759D-F333-8AB0-9B7D-15FF4A01B3BF}" = CCC Help French
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D5A42E-B9E4-5B0C-048F-3C16EE536456}" = CCC Help Spanish
"{1570A2D5-774D-F07D-69EC-83D57FC2BDA2}" = Catalyst Control Center Graphics Full New
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{181441CE-8956-5AD7-D65F-ACBBD1DDA893}" = Skins
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230C0214-8C99-5C22-5C7D-727A5D06627C}" = CCC Help Norwegian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{2AEF404A-E403-36EE-7843-93E33D1A59D4}" = Catalyst Control Center Localization Spanish
"{2D3B6E72-D3DC-E2D5-26C0-C453D40BEAC2}" = Catalyst Control Center Core Implementation
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3985EDB0-24D3-99CF-3242-D0755293BFED}" = CCC Help Italian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{4830878F-2F95-0FAA-694A-C526B7E447AC}" = Catalyst Control Center Localization French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E084818-0BD8-1806-3E16-66ED614F8D1E}" = Catalyst Control Center Graphics Previews Vista
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69E92D34-1808-1B60-3000-91613D73D9B8}" = Catalyst Control Center Localization Danish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E47F435-35B6-2548-9554-7A6908876E7F}" = Catalyst Control Center Localization Italian
"{7EB8B1C1-2642-EE0A-C9FF-0AD8837D6003}" = Catalyst Control Center Localization Japanese
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81351B28-DF79-4BD5-9C9F-12534ACFC4AF}" = Catalyst Control Center Localization Finnish
"{814DC532-769B-4084-BAAD-E300E8DA1E75}" = Secure Backup and Fileshare
"{83A6DBE0-8DFE-CA43-442E-7EAF2878A59A}" = CCC Help Danish
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ECB8220-F426-4BEB-9596-97033C533702}" = QuickBooks Premier: Contractor Edition 2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9240B6A8-5FC5-90A6-1D3D-82B337BA3877}" = CCC Help Japanese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4028EF2-AE9F-BA6B-2C84-432CC83AA415}" = CCC Help English
"{BC6CC10D-60AA-768C-A00C-4F8977AE6602}" = Catalyst Control Center Localization German
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE58167F-8AD0-8BAC-F887-E3E8F95ACF15}" = Catalyst Control Center Localization Swedish
"{BE6B4380-A7FC-9867-1C2E-E7EC26DF985C}" = Catalyst Control Center Localization Norwegian
"{BFA098B1-2430-FB93-986C-162471CDC3C1}" = Catalyst Control Center Graphics Full Existing
"{C818EEE7-5BAD-B603-7E5B-F010477DFD2C}" = ccc-core-static
"{CEB41F82-12C4-9426-9876-437D89886E09}" = CCC Help Finnish
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E859C3E4-8F33-991F-B365-C19027729C2B}" = Catalyst Control Center InstallProxy
"{E9A6C89A-325A-80C7-E4CC-5DFCDED4454F}" = CCC Help Swedish
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F534394E-DBE5-4BA7-B346-BF99438B6F5E}" = AMD LIVE! Explorer
"{F6564E11-CE2B-654B-845C-6A8771DF3DAB}" = CCC Help German
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8DEDA78-EB90-3F4B-D48A-2E28A98595A4}" = Catalyst Control Center Graphics Light
"{FB471027-9AAD-F454-1424-0EF083AA46D8}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.6
"Gateway Screensaver" = Gateway ScreenSaver
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Money2007b" = Microsoft Money Essentials
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2010 3:03:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 3:03:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 3:03:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 3:03:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 3:03:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 3:03:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 4:10:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 4:10:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 4:10:31 PM | Computer Name = owner-PC | Source = QuickBooks | ID = 4
Description =

Error - 7/28/2010 5:22:32 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application qbw32.exe, version 18.0.4010.606, time stamp
0x4ab16727, faulting module PAYUTIL.dll, version 18.0.4010.606, time stamp 0x4ab178cc,
exception code 0xc0000005, fault offset 0x00021f49, process id 0x17f8, application
start time 0x01cb2e90eddd7a30.

[ System Events ]
Error - 8/4/2010 9:05:28 AM | Computer Name = owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 8/4/2010 9:08:01 AM | Computer Name = owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 8/5/2010 9:00:56 AM | Computer Name = owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 002268667B60 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/5/2010 9:07:33 AM | Computer Name = owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 8/5/2010 9:08:07 AM | Computer Name = owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 8/5/2010 9:20:06 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/5/2010 9:36:08 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/5/2010 9:46:51 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/5/2010 10:05:29 AM | Computer Name = owner-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 8/5/2010 10:21:24 AM | Computer Name = owner-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer EPSON LQ-590 ESC/P 2 with
shared resource name EPSON LQ-590 ESCP 2. Error 2114. The printer cannot be used
by others on the network.


< End of report >
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello vistaacc,

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP