[ViruSpy]

Hi, i grew up using PCs, went to college to pursue IT admin/ Networking, repaired Toshiba laptops for UPS, then worked @ the infamous Geek Squad City Service Center, now presently Pizza Hut Help Desk Analyst.......



I had a nasty slutty virus and i final got the laptop up, online, but Firefox will not work....I know their are still viruses, rootkits, spyware, etc...

I used the cmd, "inetcpl.cpl" to gain access to internet via IE, however did not work for Fire Fox.....

Please help, tks!


OTL logfile created on: 03/09/2011 10:49:23 p.m. - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\ALPIMAS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.38% Memory free
8.09 Gb Paging File | 6.00 Gb Available in Paging File | 74.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 242.69 Gb Free Space | 84.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.97 Gb Free Space | 29.72% Space Free | Partition Type: NTFS
Drive E: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALPIMAS-PC | User Name: ALPIMAS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
PRC - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
PRC - [2010/01/19 17:48:26 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/02/25 21:43:20 | 000,818,752 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2008/11/20 06:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/10/03 13:27:54 | 000,854,280 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV:64bit: - [2008/10/03 13:23:26 | 000,563,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/09/22 19:15:48 | 000,585,136 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2008/08/25 06:31:36 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/08/25 06:31:22 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:50:24 | 000,027,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (Ias)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/19 17:48:26 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/07 16:45:50 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/07/07 16:45:36 | 000,124,184 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/20 06:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/10/27 07:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/27 02:25:30 | 000,315,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/10/27 02:25:30 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/10/03 13:23:46 | 000,080,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2008/10/03 13:23:40 | 000,277,008 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2008/10/03 13:23:36 | 000,192,528 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2008/09/03 07:59:18 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/03 07:58:16 | 008,029,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/25 06:31:46 | 000,458,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/08/16 03:01:34 | 000,235,536 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2008/08/16 03:01:32 | 000,042,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2008/08/16 02:58:10 | 001,839,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2008/08/02 18:36:16 | 000,243,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/07/07 16:42:52 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2008/07/07 16:42:50 | 000,197,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2008/07/07 16:41:32 | 000,043,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/12 18:04:40 | 000,041,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2007/09/06 17:30:24 | 000,198,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2007/06/20 16:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/05/31 15:39:32 | 000,027,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/07/07 16:42:52 | 000,028,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://prodigy.msn.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://prodigy.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/03 22:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/03 20:54:16 | 000,000,000 | ---D | M]

[2011/09/03 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions
[2009/10/07 13:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/03 22:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/08 13:10:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/19 08:22:50 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/09/16 09:33:38 | 000,002,075 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2011/06/26 17:48:12 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] File not found
O4 - HKLM..\Run: [Dell Webcam Central] File not found
O4 - HKLM..\Run: [EEventManager] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] File not found
O4 - HKLM..\Run: [fbwatch] File not found
O4 - HKLM..\Run: [GMorphCl] File not found
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [KiweeHook] File not found
O4 - HKLM..\Run: [LvOKfeefn0Z] File not found
O4 - HKLM..\Run: [LvOKfeefn1zAIMAS\AppData\Local\Temp\3974322659.exe] File not found
O4 - HKLM..\Run: [LvOKfeefnb] File not found
O4 - HKLM..\Run: [LvOKfeefneP] File not found
O4 - HKLM..\Run: [LvOKfeefnf] File not found
O4 - HKLM..\Run: [LvOKfeefnfQ] File not found
O4 - HKLM..\Run: [LvOKfeefnfQft.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHEAumSkgtosWLFisO9EOwIrWP/zyGHJnxoEaB1FKlBInQT6pU
fjiipIjR5ESSA0XW3MlTYUyaM2eKHIqz4MeVOTHG9EPNpUuDFW/2lIqQZc+rEU8S/AnUqMmVR2Ey
DXn0aNGzCoeKFRuTalWaFTlq/Yq1Lk+uDz+q1DuXIEyYJotOZAlSZ0OXL526dbg4rd3HgYUWjHmS
r8rLVi0uxdvxn1y0Iz2WJcuXbM6/bGXidLo5seq3fSHL7riX8senXjHORXzw9cWUnYmaXsqW6uC8
mWfHzooZs8Epqtv6Xg6aelCBMiuHHrmZOGuu2v2+/xx/tPVSuFbNzoZYNqz13gadYv2ruD591BAb
517YvOl9xCtdtt96ovWn0nXvVQZWgAwuxaCBD0YI4WUvMWiZe7sx1NdcBSaU2F9RjScieSRWKNV7
XfGl4lWcbfXXQy8xVpJeSalooXuYWVYhjTlGeOFeC/aYEoUjOhSeRCYGmBRs2E2x5Fa4XTfQgcLh
FFd1gYG0WJWNaTeRaoYhuJB6TxrGoXILktmSbwa9iFOMEbEJY140HXccVijulKeUZQ65o1QxOQkb
fZ6VCVR2kaEFZE+FHehYfNJ1d5t0MO3ZkKUZ+UnNFI4uxFtnDJ34pEInJnjeVk2FhJh39FH6nYaY
vv/1KGg7gelSgCb25iaf8XnG1KSRdiesd985WFWGRwY36n7J1bjeVJPJ2d5o//xnbX0DIrTYr3T2
pR9GAuYU66XLYiVniyiFWy2un8IHqnpeBgVecmYNSdyb2Y6JGJxW0urvs7Sp6duHQDbroYPUygkq
SSd+me2kU0Qc8VzfijfixRiPJ65dJ704rrgTToHCyCOPpSxD8oVUKVhUaaQewajFrBhMEke8FKcZ
zxyzdmei9FRsmYWJEXSCRlQwSK9Rg4LIIqMgVmX7MlWi1Ca+VLMfNo+4714ab0QR1rf+K1V/H2ON
c1dYSazftEoSKTNMJJPclogXLtxS0yNDNzbeeU//gSGbYdkcplZ0fyv0wnHVzKzBdGKHNb3wFkZv
oQPxPTJVSacbJHC9Lc2pSXKDSRZ5oglkM1ndXevqtWs1RLTJaAukboKpqB22X2CFxjblAsktt1ZY
e3UmkBQ2zRGh1cJ9PILUjh5xkjTyzHueww7refXBwg4yijSP3V7tz1snOdYjN0VybwpD1ebSUpcX
46YTdam97Ho7ynanFQ8NdtFTnr1xbkM63KYiNrrQgA86c+saSbKDtwGOjE8pkday4nI52Z0oJk4j
3naWF5UIOs00QyEMkZAywTGFhFMSM9MA9favjuRuIwSUiM0+d5CMTWRpKDgeyYDTLHTxZ2kK7EgO
/5uSHRH9yn5NyZqm9lJDF97Iblaqna9oaBSzPS92KPHTPyTWkatNriVbJBkK8wamaanKSUcyjB9K
JqaQoMAz9sIcScICNs/VbGKSqZb6FOSchNzKiiYJH+OMZDaP1A5sebpYGEU2EBxujV/bqdKSagdE
qCQmg4T7kPqq9bo7Ps4t+YMIcQY4vxPm70yxMZtYckjFFkJJjE6JWxSN+KKxmDFGEUPBEh2Vije6
5SQpc1kAG2S242mqfcmiyH2KpkovlbImK6yZkoxGvhxWLm8wi5J4PCMi0nyEaUCr1ge/wkPJbSkq
p2tTFiGUyZVtBEzp3Ar/mMSr/klsfhTKYj2rKf/GuOmSKADVp1o+5MhpXWaNOCJhdm7jztxwsVey
Sl67KkPFFUbwL63kCfgeNyZ1gS5v/mRaKKfENtFsqpLDRF1GjYI0RO1qgdARmn66OSZO7et1HUuf
hsRFvhSW600vvKY/h3qrkq6oa/7xE8neRj+/tcebmxlVBBEVT6uMTTFGoeWH9Ca5h8puOhk5IM38
likVMS2HbMnl0kiaT79skit545zbnrczc7asX9VyiVc7077mvK1CRlkp2AiyUqNJU5wV3ZyQXtbL
vBkkbgrUSsfyWLk1lu8zHQmezqK2LiDtSySJUeKOVjSzfM1xnonjlEfI+psDxvSgMS3MRSy7NAv/
4W1OsgKnLQsyxHdypIgX05RexOq2ru1ottIi2ldhRbwI3lOyVSVVVSAbvyHhzS2ncqtGBiNbyzpp
od902oOOa9KyuBaHNrMPiTi3nU0m5ZBl8mlhQ5XeDcUzVKfxoGPXx0ZdcUVUscllpTCDSJOSxjz+
Ce09bZo8G2aMNHCpnX4C9c3lLMe1YDVdDH+qSN3xhmJi1CJhU/erQP2qLE3TGwbZpz3Uws6QUR0d
hiymXhAlNTRnbdF2szZPQnaqN3jM6jTTBSUQpWYzCETNSj4DUNluzHxnJetNkOYuibbMqIwzjoON
CDaF1WykygpnRXL5SCJiL7SAEx6WRVwj+sDr/50IlB1UKHbi5v7YwPU6DRTFEzWx4MxNxfzYkYPl
XB/iN4TljdVoa+QfrtzrnS1brEFNyDMS6hGadGuw2sBcT782Nc3mldxt2sssE2b1fUVpjcoUa+ab
cNdwkWwvh2gEwUS5N4muVjJyvmU23VlqpLEi04++1+gpEcoypt3pSMbzFMBCE30fw+tZ7JPMfYaS
Ogoa9oGqJpG8gghssIZwrGdiH22SNIB4wiypmYOtunA6oaWBC+6YXbWLZlfZ1gIwaH75RYApKmzJ
7NnD5CxjdnpzcAENylqEq8fotEVZ5V5UQEsnmDQGdc/rTvZs1mZQNWER4w0mT7fZjCR6V2yQ+v/s
9phQ7u+wwjvLnXaZvLGTaVrJxEnkwaqvXrXyxSErUSsqST15YsaNXNuCTqSTrvmzKvzkF3PReeke
lyTTsppaOVgEzNDPLXMpdUwluPFWuUvdpq4VzSMxdhbF1y1B965zQ+J25bPMzdKoaGgwUzY6zB7D
oJY8LUtzdCvRGRdt3fhkOslBVLqQdy1bBwawh8MrTSd573FP9qfhFLLAC08ulC2qJcNlnZ40x+k1
9fE6PE8552HVcreTeriAy6bWhZdxWQ3J9Zmv0X9FDp/1RtbxW29j6yni8T7fLvjIdyETN54kdsIJ
ecMfvmQzE/GwTxJxpqG99NizyxESqUks/T06udsi8OjzPWAU0qZOxSfV5aNfQhaqSfpOv5uUmf/8
+fU2k6VtKYoFqWo/xh6GknBqF36ypR2s8SwBAQA7==] File not found
O4 - HKLM..\Run: [LvOKfeefngP] File not found
O4 - HKLM..\Run: [LvOKfeefnoc] File not found
O4 - HKLM..\Run: [LvOKfeefnqg] File not found
O4 - HKLM..\Run: [LvOKfeefnrc] File not found
O4 - HKLM..\Run: [LvOKfeefnsb] File not found
O4 - HKLM..\Run: [LvOKfeefnsd] File not found
O4 - HKLM..\Run: [LvOKfeefntpf] File not found
O4 - HKLM..\Run: [LvOKfeefnvc] File not found
O4 - HKLM..\Run: [LvOKfeefnvcPIMAS\AppData\Local\Temp\user.exe] File not found
O4 - HKLM..\Run: [LvOKfeefnvZ] File not found
O4 - HKLM..\Run: [LvOKfeefnwe] File not found
O4 - HKLM..\Run: [LvOKfeefnwpc] File not found
O4 - HKLM..\Run: [LvOKfeefnxb] File not found
O4 - HKLM..\Run: [LvOKfeefnY] File not found
O4 - HKLM..\Run: [MqqsK] File not found
O4 - HKLM..\Run: [Mqvagestsearche.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCAf6SbXQT8KHECNKnEixosWL1KghTEWNo8eOHS9iLKixoR+TAjWm/KdRJcuB
Ll0alCkSIc2aBG9KzOgxVc+fHX2CTPXPIc6aOiEy9LnUKEWdRI9K3Tm06serIHVmhHhyYkyYIr+u
zPlyZdSXJ00upOinZdmmcNPGnStXLtOgQO/qbXqSrt+G/zySfKnSaU2fDf/SLcoUseK7CxsnTuw4
MtyOlteGzWg169Sng88+7IpUatKyCfeOHUyQoVrRbksjZv05Ik2OWsEarl3a68GgeCfiDjyZIU6f
vMMOFGyz9e7Tvz9/dRtb4nCBekMWdKjyK9HigFfn/4wqVnpC6tpRly9KHSx0sMlrbzWIOytRre9d
M9XcNj5olvNNpJlSPUV3VHsPtcTRTFfhdtVyAnGnV2Ci+VZUXcY1Z2FZAbqEHG06TUFfcR9WR5t8
g3HGU1v1bZSUcTRx9pFFxp3lEGKRDbgZWQCC5lhjH4q3k4YQAYfVR+iV1N9MOd10nUb1xYSXUEIG
pqBK5JHkWl3nWVkdTwGSVdl+S4IIH0t9GUgVklNlqJ6VDgJZVVBw4mXnXUYKdSSVRVJI5n1QyQRk
YwfpKNxSCQ6q6KKMEtXolEsBeSZZYPIIWmTBucRdl5ayVFlaLP5YYW6bEkkcjP6lit1uBi0ZY5VM
Ev+020dTCOXUdFXytN+CaOpXUVfvNTQFChVGVOyJ7qHWaYrKXogQdyBhl+yXyTrbUlAnibjcT4St
upSu1NpmoFFa9UUuCiiw2qd5XmE2BU2kKZQSlCa+tyxM5B6ZElYwnWYvV8dKStKwx0ZoGILKbvUe
ri9muxa8Rok4XHeBTaoUk9fKeSOkHg2LLrHzcqZmsM5FGqRM1KAwhbrOIRurcrf5sfK7qbHYrJ+S
Ddovf3YRCt+CMfqhMroe1/rSsf8yBuStRCM9LMuoRSZetCiXZzVJKqYyc1+iTmYZXNhR3KrMU8xc
tswQUgpTli0JTfTHROsqqqVYDmpoSh/TvJrK2lr/J5RMQ/e13kF7KUoNqHpruTbUPy1NzcoOnXR4
2VjeW3GPLA2tMtmB39aZzk0VOSzBB42+rkKOMlVU3qNDHqaZDG4dpZWlFubXdd1CHu/qSSbYrdsq
bwU8yN1yvCiWaAupeeIDDe07gx9y9PHaZX+c9IiQX05xnpXRF7ZLZfedE83+tja+8wQVLfHhfJrq
U+tBpkQw3waZTuSrh3P3sdTYEX3zy/vamuAssxITOestIcuW0c60kKthrihggVtshrcpBYWHMaRx
i9uMNih0LQRdFfKYcpazweWARGa3MpZkUPguTXVJUIORnEbC95v0VO0m0PrH6IhVIKE9rSSIwo7q
/+4mkOqx6nE8HN2MfCiSCrmNXLJK11ksuDSSpGVlsiremUSWEQnV6EZaQ1t3KlcQXlFqQe8j2qw8
lq4yfQst/xPI0GCjQ5DJLF1uqZ7P4rg2RPlwgR5aWWNCkh/XZC9CTVITjz4Xvlo1CEkq8oyiiBO4
Br2NRZ+bk4Nk5EMUyCgjTyvisKKYuAklCEtzzIzRTHSXm30RctoS0Ri3qBunyBBzZAvfWchzH9RZ
xoWegltaFJK3h42lTLmpIxZXcja8pWsgHnvdkJgiQhI6Mn4p8llIdBc5l20HVbJiW2AaSbkWDQU5
BrxcYIa2QGLSb2wVeRzlomjL4Hlqnv+JyceAlv+KNhrleIyBEjpZYrbdqRN/3UIkCa1IzrK1Ej10
CyjwtAUYCe6sIkspmmNoKD97as2TIxwn395GPDe1xnipMySwLAarhZqFQnXTGjkryEdbwmSHA0Ii
CAuHUo0FpZKIeeZyhgUllfWSRv0T6uHQRTHAXJBeX1Mp5EKHsFhlqTW78tQ9w9cWTpoxqqKCGw+Z
IkwcmSyFL+vIO4syyvSN8qNmjKcoQQpNum4Lmys6EzfBYrdGwehRkuJII/GkMNV5CVyZU+JN0Tcq
kSh2neKT48rkWTBx/cN6UWzZQtEoKkddkWtnzSoG4aLN7yHPUxrh23zsFEkhgpOCaNqfQQGUztT/
jA5KbSUlXC0iNvQN9VS/WUtlVXrU8TRqI5LJ30cw9b4FHmxbXIRgR3cIt7KdTkChTFmt7rTDyQrM
WOtE11hcY8DhAOZLwpJZcbF61rVkRk+blN6KUEW2rpYELSYtXnfEKtazNU5OjxzUT0Hotjd99IdI
6adQKbSdtclLiGVErdhUY0IwsSlsdlOvh/InSD7J7Zz/HWre2OlbU9lGtfhsDTuhpkidFkyeVtpX
qaxYRsjoySoC/i98G+NfAmq3VANdpp+4lhgZy1DBxFvWepvzR/EKVLijO6Kx7ujBjUixj52xcI7t
hSf2vHc2E5yZRxxW5H4VZjTeygyAkmdZmyyX/42CZJUxeTu56sbPbTYaZE/UjDUtTSaS3eGVSVzY
RY4o0KFe/FqZZhs2fNEUkSIDa08NqyQq2/V/g+PKZ6tHXU+ySWcKFdSiQpae8V4QwgBCZ2PLaDPD
iUyhcLrxkQg5HwFPmdOVZdeFDh039hm2xl0bVX0aCDTaBpFUOZFaVfELYFttObrla5KgnDRMyKJ1
ZLxlUl9BG6nDnae17Eubg1jMwKgUqE57ms2MFOKUUasNV9LWqqeIKNAh2fto3xyTZDB4xWLTdj6J
0ZQMxZYS5nI2L1eVsLqAiGU07Xo1XzZje64FaCG9SjP4sZwK6cRgqlzLqSXKy5zOORIO8VVPI//q
17Clq0L4PsuUE8dc3TiFEYLDGmMqKmNQagWquhCS5v+KTbGh8lDGONpTuQYgafMbrQLm3OnKpu2B
/FzD2vpJU7/ekrlSNUVFopw47EEZcyzCP5zt65QP9J3VF1nAoefcakU/tbzH1vP+JPNi77ZYzhrN
7gtPi0LXJtyjm7XslrY5xmu/q8aNjlGUNPEwQxZSBnlSsqT/xvLMks7TkUVAb0La87TckDpBfzfm
Npi9CQdgoWDGx29TXoUsTsr1Fo9UtjyEIUNhd4SmGKbrQck0rS9UcdtT9tWIDd7Bl6vx/1OWeJHq
PoTS2hYz5U1g3rtfSC0XNmmuqu5brmHacfay7dtnHe9jvVoYZymHZu+VUCV9cHfPYEKjo6Sglb1e
v16+tEqe/OdM3ft3dSfktyzwwn2j8Wp952E1tGrqxxtHZECZNi/YBoCpxijiwWiw8ioOFhPt9mu3
QX4bpoGgRx+Yx3wUOBU4tm4oYht/42bSxH6Jonr8d4LA1ym+5momJoFAFxxC0mUmR4MmCIRCaD4w
ZS/SVCQDOB6GtyEwCDtDqHwN+Cb8h3xpZUKzBklpJxEBAQA7==] File not found
O4 - HKLM..\Run: [MqvrN] File not found
O4 - HKLM..\Run: [PCMService] File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [Sprint SmartView] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [EPSON WorkForce 600 Series] File not found
O4 - HKCU..\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SightSpeed] File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAF6A87-4BA2-4BED-B861-F5D019D37AB2}: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{304BDE19-F312-43D0-B645-C61B958C98F6}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\dstfixx: DllName - dstfixx.dll - File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG
O24 - Desktop BackupWallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/01 22:53:23 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0f764d94-0e7f-11de-9d33-00a0d5ffff85}\Shell\AutoRun\command - "" = F:\MEMORY\S-v-6-2009\PeAcE.exe
O33 - MountPoints2\{0f764d94-0e7f-11de-9d33-00a0d5ffff85}\Shell\open\command - "" = F:\MEMORY\S-v-6-2009\PeAcE.exe
O33 - MountPoints2\{14df9fd1-77d0-11de-9357-002219db6fac}\Shell - "" = AutoRun
O33 - MountPoints2\{14df9fd1-77d0-11de-9357-002219db6fac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{48fef3d4-e68d-11dd-96ac-002219db6fac}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{48fef3d4-e68d-11dd-96ac-002219db6fac}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{7d6b2c77-d620-11dd-b982-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7d6b2c77-d620-11dd-b982-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ShelExec.exe index.html
O33 - MountPoints2\{aeac9256-638c-11df-9242-002219db6fac}\Shell\AutoRun\command - "" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe
O33 - MountPoints2\{d7c2d694-591c-11de-a00b-002219db6fac}\Shell\AutoRun\command - "" = F:\NEXT\FILES\NEXT.exe
O33 - MountPoints2\{d7c2d694-591c-11de-a00b-002219db6fac}\Shell\open\command - "" = F:\NEXT\FILES\NEXT.exe
O33 - MountPoints2\{d7c2d699-591c-11de-a00b-002219db6fac}\Shell - "" = AutoRun
O33 - MountPoints2\{d7c2d699-591c-11de-a00b-002219db6fac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d98dfbb4-a65e-11e0-9a89-fced343fed87}\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O33 - MountPoints2\{dc4207c7-22e4-11de-a486-002219db6fac}\Shell\AutoRun\command - "" = G:\NEXT\FILES\NEXT.exe
O33 - MountPoints2\{dc4207c7-22e4-11de-a486-002219db6fac}\Shell\open\command - "" = G:\NEXT\FILES\NEXT.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 22:48:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
[2011/09/03 22:47:00 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\ALPIMAS\OTL.exe
[2011/09/03 20:35:55 | 002,524,022 | ---- | C] (Swearware) -- C:\Users\ALPIMAS\ComboFix.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/03 22:49:41 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/09/03 22:49:37 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/09/03 22:49:26 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{50259614-8A82-411D-B81F-3D9A1A7D58C1}.job
[2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
[2011/09/03 22:47:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\OTL.exe
[2011/09/03 22:46:00 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{830A53C7-A521-4EFD-8571-D3AB6FDC631D}.job
[2011/09/03 22:34:38 | 000,000,914 | ---- | M] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/03 22:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At95.job
[2011/09/03 22:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At71.job
[2011/09/03 22:17:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/09/03 22:10:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/09/03 21:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At94.job
[2011/09/03 21:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At70.job
[2011/09/03 21:17:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/09/03 21:09:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/03 21:05:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 21:05:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 21:05:27 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/09/03 21:05:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/03 21:05:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 21:04:19 | 000,001,460 | ---- | M] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat
[2011/09/03 20:49:31 | 000,283,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/03 20:36:03 | 002,524,022 | ---- | M] (Swearware) -- C:\Users\ALPIMAS\ComboFix.exe
[2011/09/03 20:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At93.job
[2011/09/03 20:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At69.job
[2011/09/03 20:17:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/09/02 20:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/09/02 19:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At92.job
[2011/09/02 19:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At68.job
[2011/09/02 19:17:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/09/02 19:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/09/02 18:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At91.job
[2011/09/02 18:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At67.job
[2011/09/02 18:17:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/09/02 18:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/09/02 17:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At90.job
[2011/09/02 17:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At66.job
[2011/09/02 17:17:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/09/02 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/09/02 16:31:45 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/02 16:31:45 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/02 16:31:45 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/26 11:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At84.job
[2011/08/26 11:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At60.job
[2011/08/26 11:17:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/08/26 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/08/26 10:31:15 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/08/26 10:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At83.job
[2011/08/26 10:17:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At59.job
[2011/08/25 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/08/25 22:26:39 | 003,654,276 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04648.JPG
[2011/08/25 22:26:32 | 003,681,259 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04604.JPG
[2011/08/25 22:26:27 | 001,466,942 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04595.JPG
[2011/08/25 22:26:18 | 001,468,710 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04354.JPG
[2011/08/25 22:24:37 | 003,706,199 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04054.JPG
[2011/08/25 22:24:31 | 001,471,513 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04034.JPG
[2011/08/25 22:13:51 | 004,033,566 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC00596.JPG
[2011/08/25 22:13:43 | 002,297,734 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05470.JPG
[2011/08/25 22:13:29 | 003,782,800 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05401.JPG
[2011/08/25 22:13:22 | 003,019,984 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05388.JPG
[2011/08/25 22:13:05 | 003,814,192 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05371.JPG
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/03 22:34:38 | 000,000,914 | ---- | C] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/03 21:08:23 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{50259614-8A82-411D-B81F-3D9A1A7D58C1}.job
[2010/09/26 12:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager .INI
[2010/09/25 14:46:42 | 000,000,112 | ---- | C] () -- C:\ProgramData\Jy8atcgh5.dat
[2010/09/15 19:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/14 18:03:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/28 00:25:42 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2009/10/16 16:44:33 | 000,001,460 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat
[2009/09/28 15:44:33 | 000,000,109 | ---- | C] () -- C:\Windows\TmProxy.ini
[2009/06/20 12:26:37 | 000,024,226 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\UserTile.png
[2009/04/07 17:28:47 | 000,000,552 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d8caps.dat
[2009/01/21 00:00:03 | 000,005,962 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\wklnhst.dat
[2009/01/20 23:35:55 | 000,027,136 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 13:12:11 | 000,006,756 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps.dat
[2009/01/19 23:13:41 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/01/19 23:13:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/01/19 23:13:41 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/01/19 23:13:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/01/19 23:13:41 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/01/19 23:13:41 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/01/19 23:13:41 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/01/19 23:13:41 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/01/19 23:13:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/01/19 23:13:41 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/01/19 23:13:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/01/19 23:13:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/01/19 23:10:31 | 000,000,079 | ---- | C] () -- C:\Windows\EPWF600.ini
[2008/12/30 07:09:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/12/30 07:09:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/12/30 06:42:45 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/12/30 06:42:45 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/12/30 06:42:45 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/12/30 05:51:20 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/09/05 19:16:36 | 000,233,216 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/09/05 19:16:36 | 000,059,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2008/09/05 19:16:20 | 000,087,296 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2008/07/07 16:42:52 | 000,028,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Files - Unicode (All) ==========
[2010/09/21 18:42:59 | 000,025,470 | ---- | M] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt
[2010/09/21 18:42:58 | 000,025,470 | ---- | C] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 560962 bytes -> C:\Windows\Temp:temp
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

[Advertisements]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

Nice infections indeed. Let's check first MBR. Please follow the instructions below:

• Please download aswMBR.exe to your desktop.
• Double click the aswMBR.exe to run it.
  
  
  
• When asked if you want to download Avast's virus definitions please select No.
• Click the Scan button to start scan.
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply.

[Render]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

Nice infections indeed. Let's check first MBR. Please follow the instructions below:

• Please download aswMBR.exe to your desktop.
• Double click the aswMBR.exe to run it.
  
  
  
• When asked if you want to download Avast's virus definitions please select No.
• Click the Scan button to start scan.
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply.

[ViruSpy]

Hey, aswMBR.exe is unable to run in Windows Normally or Safe Mode, due to BSOD, driver irq not less than equal, STOP: 0x000000D1, ataport.sys

[Render]

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

• If you are using Firefox, make sure that your download settings are as follows:
• Tools->Options->Main tab
• Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:

• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection

• Double click on combo-Fix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

[ViruSpy]

ComboFix 11-09-01.03 - ALPIMAS 05/09/2011 22:44:11.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4054.2135 [GMT -4:00]
Running from: c:\users\ALPIMAS\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-06 03:09 . 2011-09-06 03:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-06 03:09 . 2011-09-06 03:09 -------- d-----w- c:\users\ALPIMAS\AppData\Local\temp
2011-09-04 02:34 . 2011-06-16 04:17 712976 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-09-02 20:34 . 2011-09-02 20:34 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

<pre>
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files (x86)\Common Files\Java\Java Update\jusched .exe
c:\program files (x86)\Dell\MediaDirect\PCMService .exe
c:\program files (x86)\Dell Video Chat\DellVideoChat .exe
c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell .exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager .exe
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
c:\program files (x86)\Kiwee Toolbar\3.2\kwtbaim .exe
c:\program files (x86)\QuickTime\QTTask                                                               .exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon .exe
c:\program files (x86)\Skype\Phone\Skype .exe
c:\program files (x86)\Sprint\Sprint SmartView\SprintSV .exe
c:\program files (x86)\Windows Live\Messenger\msnmsgr  .exe
</pre>

.
((((((((((((((((((((((((((((( SnapShot@2011-09-05_14.25.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-09-05 01:14 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-06 02:15 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 15:45 . 2011-09-06 01:54 95638 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-20 00:24 . 2011-09-06 01:54 12866 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1951622309-515094514-3259427095-1000_UserData.bin
+ 2009-12-22 20:56 . 2011-09-06 01:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-22 20:56 . 2011-09-05 14:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 20:56 . 2011-09-06 01:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-22 20:56 . 2011-09-05 14:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-05 14:22 . 2011-09-06 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-05 14:22 . 2011-09-05 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 14:22 . 2011-09-06 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-05 14:22 . 2011-09-05 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-01-21 03:20 . 2011-09-05 01:14 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-06 02:15 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-06 02:15 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-05 01:14 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [N/A]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 41984]
"ooVoo.exe"="c:\program files (x86)\oovoo\oovoo.exe" [2010-08-12 19084472]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [N/A]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [N/A]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [N/A]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"FAStartup"="" [N/A]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [N/A]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [N/A]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [N/A]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [N/A]
"KiweeHook"="c:\program files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe" [N/A]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [N/A]
"MqqsK"="c:\windows\drweb .exe" [N/A]
"MqvrN"="c:\windows\wininst .exe" [N/A]
"GMorphCl"="c:\windows\SysWOW64\task .exe" [N/A]
"+fU2k6VtKYoFqWo/xh6GknBqF36ypR2s8SwBAQA7=="="c:\users\ALPIMAS\AppData\Local\Temp\win16.exe" [N/A]
"ZS/SVCQDOB6GtyEwCDtDqHwN+Cb8h3xpZUKzBklpJxEBAQA7=="="c:\windows\win.exe" [N/A]
"LvOKfeefn1zAIMAS\AppData\Local\Temp\3974322659.exe"="c:\users\ALPIMAS\AppData\Local\Temp\3974322659.exe" [N/A]
"LvOKfeefnvcPIMAS\AppData\Local\Temp\user.exe"="c:\users\ALPIMAS\AppData\Local\Temp\user.exe" [N/A]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NftaGuo"="c:\windows\system32\y2udgsw.dll" [N/A]
"Avamusige"="c:\windows\system32\config\systemprofile\AppData\Local\iomdol.dll" [N/A]
"uPc+kt0No_Jsiv"="c:\windows\system32\wkc46.dll" [N/A]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
Epson all-in-one Registration.lnk - e:\common\EpsonReg\Epkick.exe [N/A]
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Whitesmoke Translator.lnk - c:\program files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe [2010-11-24 2064384]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dstfixx]
dstfixx.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-09-05 23:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe [2010-01-19 20480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9b01157632de0;Google Update Service (gupdate1c9b01157632de0);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-29 133104]
R3 bpwwpspm;bpwwpspm;c:\windows\System32\Drivers\bpwwpspm.sys [x]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-07-07 124184]
R3 esrdodgm;esrdodgm;c:\windows\System32\Drivers\esrdodgm.sys [x]
R3 esubhhhn;esubhhhn;c:\windows\System32\Drivers\esubhhhn.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gtrliyng;gtrliyng;c:\windows\System32\Drivers\gtrliyng.sys [x]
R3 hnusocwb;hnusocwb;c:\windows\System32\Drivers\hnusocwb.sys [x]
R3 jmudbzww;jmudbzww;c:\windows\System32\Drivers\jmudbzww.sys [x]
R3 ljxsebzq;ljxsebzq;c:\windows\System32\Drivers\ljxsebzq.sys [x]
R3 lmeiguoy;lmeiguoy;c:\windows\System32\Drivers\lmeiguoy.sys [x]
R3 lsaugzuq;lsaugzuq;c:\windows\System32\Drivers\lsaugzuq.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mkinavtr;mkinavtr;c:\windows\System32\Drivers\mkinavtr.sys [x]
R3 mzlhxlmd;mzlhxlmd;c:\windows\System32\Drivers\mzlhxlmd.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 qotfeljy;qotfeljy;c:\windows\System32\Drivers\qotfeljy.sys [x]
R3 rfbwejns;rfbwejns;c:\windows\System32\Drivers\rfbwejns.sys [x]
R3 sbbcsksk;sbbcsksk;c:\windows\System32\Drivers\sbbcsksk.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 xsvstfhi;xsvstfhi;c:\windows\System32\Drivers\xsvstfhi.sys [x]
R3 yiyktxyt;yiyktxyt;c:\windows\System32\Drivers\yiyktxyt.sys [x]
R3 zlzybacx;zlzybacx;c:\windows\System32\Drivers\zlzybacx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2008-09-05 2340096]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-09-22 585136]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-10-03 854280]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-30 01:53]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-29 01:54]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-29 01:54]
.
2011-09-06 c:\windows\Tasks\User_Feed_Synchronization-{50259614-8A82-411D-B81F-3D9A1A7D58C1}.job
- c:\windows\system32\msfeedssync.exe [2010-09-01 04:24]
.
2011-09-06 c:\windows\Tasks\User_Feed_Synchronization-{830A53C7-A521-4EFD-8571-D3AB6FDC631D}.job
- c:\windows\system32\msfeedssync.exe [2010-09-01 04:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [N/A]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-03 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-03 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-03 199704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3863040]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-22 1289992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 170496]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\lspF63.dll
TCP: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\ALPIMAS\AppData\Roaming\Mozilla\Firefox\Profiles\9qvrhcuw.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
Toolbar-{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LvOKfeefnfQft.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHEAumSkgtosWLFisO9EOwIrWP/zyGHJnxoEaB1FKlBInQT6pU
fjiipIjR5ESSA0XW3MlTYUyaM2eKHIqz4MeVOTHG9EPNpUuDFW/2lIqQZc+rEU8S/AnUqMmVR2Ey
DXn0aNGzCoeKFRuTalWaFTlq/Yq1Lk+uDz+q1DuXIEyYJotOZAlSZ0OXL526dbg4rd3HgYUWjHmS
r8rLVi0uxdvxn1y0Iz2WJcuXbM6/bGXidLo5seq3fSHL7riX8senXjHORXzw9cWUnYmaXsqW6uC8
mWfHzooZs8Epqtv6Xg6aelCBMiuHHrmZOGuu2v2+/xx/tPVSuFbNzoZYNqz13gadYv2ruD591BAb
517YvOl9xCtdtt96ovWn0nXvVQZWgAwuxaCBD0YI4WUvMWiZe7sx1NdcBSaU2F9RjScieSRWKNV7
XfGl4lWcbfXXQy8xVpJeSalooXuYWVYhjTlGeOFeC/aYEoUjOhSeRCYGmBRs2E2x5Fa4XTfQgcLh
FFd1gYG0WJWNaTeRaoYhuJB6TxrGoXILktmSbwa9iFOMEbEJY140HXccVijulKeUZQ65o1QxOQkb
fZ6VCVR2kaEFZE+FHehYfNJ1d5t0MO3ZkKUZ+UnNFI4uxFtnDJ34pEInJnjeVk2FhJh39FH6nYaY
vv/1KGg7gelSgCb25iaf8XnG1KSRdiesd985WFWGRwY36n7J1bjeVJPJ2d5o//xnbX0DIrTYr3T2
pR9GAuYU66XLYiVniyiFWy2un8IHqnpeBgVecmYNSdyb2Y6JGJxW0urvs7Sp6duHQDbroYPUygkq
SSd+me2kU0Qc8VzfijfixRiPJ65dJ704rrgTToHCyCOPpSxD8oVUKVhUaaQewajFrBhMEke8FKcZ
zxyzdmei9FRsmYWJEXSCRlQwSK9Rg4LIIqMgVmX7MlWi1Ca+VLMfNo+4714ab0QR1rf+K1V/H2ON
c1dYSazftEoSKTNMJJPclogXLtxS0yNDNzbeeU//gSGbYdkcplZ0fyv0wnHVzKzBdGKHNb3wFkZv
oQPxPTJVSacbJHC9Lc2pSXKDSRZ5oglkM1ndXevqtWs1RLTJaAukboKpqB22X2CFxjblAsktt1ZY
e3UmkBQ2zRGh1cJ9PILUjh5xkjTyzHueww7refXBwg4yijSP3V7tz1snOdYjN0VybwpD1ebSUpcX
46YTdam97Ho7ynanFQ8NdtFTnr1xbkM63KYiNrrQgA86c+saSbKDtwGOjE8pkday4nI52Z0oJk4j
3naWF5UIOs00QyEMkZAywTGFhFMSM9MA9favjuRuIwSUiM0+d5CMTWRpKDgeyYDTLHTxZ2kK7EgO
/5uSHRH9yn5NyZqm9lJDF97Iblaqna9oaBSzPS92KPHTPyTWkatNriVbJBkK8wamaanKSUcyjB9K
JqaQoMAz9sIcScICNs/VbGKSqZb6FOSchNzKiiYJH+OMZDaP1A5sebpYGEU2EBxujV/bqdKSagdE
qCQmg4T7kPqq9bo7Ps4t+YMIcQY4vxPm70yxMZtYckjFFkJJjE6JWxSN+KKxmDFGEUPBEh2Vije6
5SQpc1kAG2S242mqfcmiyH2KpkovlbImK6yZkoxGvhxWLm8wi5J4PCMi0nyEaUCr1ge/wkPJbSkq
p2tTFiGUyZVtBEzp3Ar/mMSr/klsfhTKYj2rKf/GuOmSKADVp1o+5MhpXWaNOCJhdm7jztxwsVey
Sl67KkPFFUbwL63kCfgeNyZ1gS5v/mRaKKfENtFsqpLDRF1GjYI0RO1qgdARmn66OSZO7et1HUuf
hsRFvhSW600vvKY/h3qrkq6oa/7xE8neRj+/tcebmxlVBBEVT6uMTTFGoeWH9Ca5h8puOhk5IM38
likVMS2HbMnl0kiaT79skit545zbnrczc7asX9VyiVc7077mvK1CRlkp2AiyUqNJU5wV3ZyQXtbL
vBkkbgrUSsfyWLk1lu8zHQmezqK2LiDtSySJUeKOVjSzfM1xnonjlEfI+psDxvSgMS3MRSy7NAv/
4W1OsgKnLQsyxHdypIgX05RexOq2ru1ottIi2ldhRbwI3lOyVSVVVSAbvyHhzS2ncqtGBiNbyzpp
od902oOOa9KyuBaHNrMPiTi3nU0m5ZBl8mlhQ5XeDcUzVKfxoGPXx0ZdcUVUscllpTCDSJOSxjz+
Ce09bZo8G2aMNHCpnX4C9c3lLMe1YDVdDH+qSN3xhmJi1CJhU/erQP2qLE3TGwbZpz3Uws6QUR0d
hiymXhAlNTRnbdF2szZPQnaqN3jM6jTTBSUQpWYzCETNSj4DUNluzHxnJetNkOYuibbMqIwzjoON
CDaF1WykygpnRXL5SCJiL7SAEx6WRVwj+sDr/50IlB1UKHbi5v7YwPU6DRTFEzWx4MxNxfzYkYPl
XB/iN4TljdVoa+QfrtzrnS1brEFNyDMS6hGadGuw2sBcT782Nc3mldxt2sssE2b1fUVpjcoUa+ab
cNdwkWwvh2gEwUS5N4muVjJyvmU23VlqpLEi04++1+gpEcoypt3pSMbzFMBCE30fw+tZ7JPMfYaS
Ogoa9oGqJpG8gghssIZwrGdiH22SNIB4wiypmYOtunA6oaWBC+6YXbWLZlfZ1gIwaH75RYApKmzJ
7NnD5CxjdnpzcAENylqEq8fotEVZ5V5UQEsnmDQGdc/rTvZs1mZQNWER4w0mT7fZjCR6V2yQ+v/s
9phQ7u+wwjvLnXaZvLGTaVrJxEnkwaqvXrXyxSErUSsqST15YsaNXNuCTqSTrvmzKvzkF3PReeke
lyTTsppaOVgEzNDPLXMpdUwluPFWuUvdpq4VzSMxdhbF1y1B965zQ+J25bPMzdKoaGgwUzY6zB7D
oJY8LUtzdCvRGRdt3fhkOslBVLqQdy1bBwawh8MrTSd573FP9qfhFLLAC08ulC2qJcNlnZ40x+k1
9fE6PE8552HVcreTeriAy6bWhZdxWQ3J9Zmv0X9FDp/1RtbxW29j6yni8T7fLvjIdyETN54kdsIJ
ecMfvmQzE/GwTxJxpqG99NizyxESqUks/T06udsi8OjzPWAU0qZOxSfV5aNfQhaqSfpOv5uUmf/8
+fU2k6VtKYoFqWo/xh6GknBqF36ypR2s8SwBAQA7=="="c:\\Users\\ALPIMAS\\AppData\\Local\\Temp\\win16.exe"
"Mqvagestsearche.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCAf6SbXQT8KHECNKnEixosWL1KghTEWNo8eOHS9iLKixoR+TAjWm/KdRJcuB
Ll0alCkSIc2aBG9KzOgxVc+fHX2CTPXPIc6aOiEy9LnUKEWdRI9K3Tm06serIHVmhHhyYkyYIr+u
zPlyZdSXJ00upOinZdmmcNPGnStXLtOgQO/qbXqSrt+G/zySfKnSaU2fDf/SLcoUseK7CxsnTuw4
MtyOlteGzWg169Sng88+7IpUatKyCfeOHUyQoVrRbksjZv05Ik2OWsEarl3a68GgeCfiDjyZIU6f
vMMOFGyz9e7Tvz9/dRtb4nCBekMWdKjyK9HigFfn/4wqVnpC6tpRly9KHSx0sMlrbzWIOytRre9d
M9XcNj5olvNNpJlSPUV3VHsPtcTRTFfhdtVyAnGnV2Ci+VZUXcY1Z2FZAbqEHG06TUFfcR9WR5t8
g3HGU1v1bZSUcTRx9pFFxp3lEGKRDbgZWQCC5lhjH4q3k4YQAYfVR+iV1N9MOd10nUb1xYSXUEIG
pqBK5JHkWl3nWVkdTwGSVdl+S4IIH0t9GUgVklNlqJ6VDgJZVVBw4mXnXUYKdSSVRVJI5n1QyQRk
YwfpKNxSCQ6q6KKMEtXolEsBeSZZYPIIWmTBucRdl5ayVFlaLP5YYW6bEkkcjP6lit1uBi0ZY5VM
Ev+020dTCOXUdFXytN+CaOpXUVfvNTQFChVGVOyJ7qHWaYrKXogQdyBhl+yXyTrbUlAnibjcT4St
upSu1NpmoFFa9UUuCiiw2qd5XmE2BU2kKZQSlCa+tyxM5B6ZElYwnWYvV8dKStKwx0ZoGILKbvUe
ri9muxa8Rok4XHeBTaoUk9fKeSOkHg2LLrHzcqZmsM5FGqRM1KAwhbrOIRurcrf5sfK7qbHYrJ+S
Ddovf3YRCt+CMfqhMroe1/rSsf8yBuStRCM9LMuoRSZetCiXZzVJKqYyc1+iTmYZXNhR3KrMU8xc
tswQUgpTli0JTfTHROsqqqVYDmpoSh/TvJrK2lr/J5RMQ/e13kF7KUoNqHpruTbUPy1NzcoOnXR4
2VjeW3GPLA2tMtmB39aZzk0VOSzBB42+rkKOMlVU3qNDHqaZDG4dpZWlFubXdd1CHu/qSSbYrdsq
bwU8yN1yvCiWaAupeeIDDe07gx9y9PHaZX+c9IiQX05xnpXRF7ZLZfedE83+tja+8wQVLfHhfJrq
U+tBpkQw3waZTuSrh3P3sdTYEX3zy/vamuAssxITOestIcuW0c60kKthrihggVtshrcpBYWHMaRx
i9uMNih0LQRdFfKYcpazweWARGa3MpZkUPguTXVJUIORnEbC95v0VO0m0PrH6IhVIKE9rSSIwo7q
/+4mkOqx6nE8HN2MfCiSCrmNXLJK11ksuDSSpGVlsiremUSWEQnV6EZaQ1t3KlcQXlFqQe8j2qw8
lq4yfQst/xPI0GCjQ5DJLF1uqZ7P4rg2RPlwgR5aWWNCkh/XZC9CTVITjz4Xvlo1CEkq8oyiiBO4
Br2NRZ+bk4Nk5EMUyCgjTyvisKKYuAklCEtzzIzRTHSXm30RctoS0Ri3qBunyBBzZAvfWchzH9RZ
xoWegltaFJK3h42lTLmpIxZXcja8pWsgHnvdkJgiQhI6Mn4p8llIdBc5l20HVbJiW2AaSbkWDQU5
BrxcYIa2QGLSb2wVeRzlomjL4Hlqnv+JyceAlv+KNhrleIyBEjpZYrbdqRN/3UIkCa1IzrK1Ej10
CyjwtAUYCe6sIkspmmNoKD97as2TIxwn395GPDe1xnipMySwLAarhZqFQnXTGjkryEdbwmSHA0Ii
CAuHUo0FpZKIeeZyhgUllfWSRv0T6uHQRTHAXJBeX1Mp5EKHsFhlqTW78tQ9w9cWTpoxqqKCGw+Z
IkwcmSyFL+vIO4syyvSN8qNmjKcoQQpNum4Lmys6EzfBYrdGwehRkuJII/GkMNV5CVyZU+JN0Tcq
kSh2neKT48rkWTBx/cN6UWzZQtEoKkddkWtnzSoG4aLN7yHPUxrh23zsFEkhgpOCaNqfQQGUztT/
jA5KbSUlXC0iNvQN9VS/WUtlVXrU8TRqI5LJ30cw9b4FHmxbXIRgR3cIt7KdTkChTFmt7rTDyQrM
WOtE11hcY8DhAOZLwpJZcbF61rVkRk+blN6KUEW2rpYELSYtXnfEKtazNU5OjxzUT0Hotjd99IdI
6adQKbSdtclLiGVErdhUY0IwsSlsdlOvh/InSD7J7Zz/HWre2OlbU9lGtfhsDTuhpkidFkyeVtpX
qaxYRsjoySoC/i98G+NfAmq3VANdpp+4lhgZy1DBxFvWepvzR/EKVLijO6Kx7ujBjUixj52xcI7t
hSf2vHc2E5yZRxxW5H4VZjTeygyAkmdZmyyX/42CZJUxeTu56sbPbTYaZE/UjDUtTSaS3eGVSVzY
RY4o0KFe/FqZZhs2fNEUkSIDa08NqyQq2/V/g+PKZ6tHXU+ySWcKFdSiQpae8V4QwgBCZ2PLaDPD
iUyhcLrxkQg5HwFPmdOVZdeFDh039hm2xl0bVX0aCDTaBpFUOZFaVfELYFttObrla5KgnDRMyKJ1
ZLxlUl9BG6nDnae17Eubg1jMwKgUqE57ms2MFOKUUasNV9LWqqeIKNAh2fto3xyTZDB4xWLTdj6J
0ZQMxZYS5nI2L1eVsLqAiGU07Xo1XzZje64FaCG9SjP4sZwK6cRgqlzLqSXKy5zOORIO8VVPI//q
17Clq0L4PsuUE8dc3TiFEYLDGmMqKmNQagWquhCS5v+KTbGh8lDGONpTuQYgafMbrQLm3OnKpu2B
/FzD2vpJU7/ekrlSNUVFopw47EEZcyzCP5zt65QP9J3VF1nAoefcakU/tbzH1vP+JPNi77ZYzhrN
7gtPi0LXJtyjm7XslrY5xmu/q8aNjlGUNPEwQxZSBnlSsqT/xvLMks7TkUVAb0La87TckDpBfzfm
Npi9CQdgoWDGx29TXoUsTsr1Fo9UtjyEIUNhd4SmGKbrQck0rS9UcdtT9tWIDd7Bl6vx/1OWeJHq
PoTS2hYz5U1g3rtfSC0XNmmuqu5brmHacfay7dtnHe9jvVoYZymHZu+VUCV9cHfPYEKjo6Sglb1e
v16+tEqe/OdM3ft3dSfktyzwwn2j8Wp952E1tGrqxxtHZECZNi/YBoCpxijiwWiw8ioOFhPt9mu3
QX4bpoGgRx+Yx3wUOBU4tm4oYht/42bSxH6Jonr8d4LA1ym+5momJoFAFxxC0mUmR4MmCIRCaD4w
ZS/SVCQDOB6GtyEwCDtDqHwN+Cb8h3xpZUKzBklpJxEBAQA7=="="c:\\Windows\\win.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,60,53,e2,29,65,02,4e,9f,cd,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,60,53,e2,29,65,02,4e,9f,cd,b9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-05 23:11:55
ComboFix-quarantined-files.txt 2011-09-06 03:11
ComboFix2.txt 2011-09-05 14:46
.
Pre-Run: 262,649,700,352 bytes free
Post-Run: 262,560,215,040 bytes free
.
- - End Of File - - 606AB60064430EF04982C30FA0E2F77B

[Render]

Hi,

Please follow the steps below:

Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

• Download ERUNT
  (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
• Install ERUNT by following the prompts
  (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
• Start ERUNT
  (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
• Choose a location for the backup
  (the default location is C:\WINDOWS\ERDNT which is acceptable).
• Make sure that at least the first two check boxes are ticked
• Press OK
• Press YES to create the folder.

Step 2

• Open Command Prompt. You can do this by clicking Start, in Search programs and files text box type cmd and press Enter.
• Copy the contents of the codebox below using CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy)
  
  

  reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"  "%HOMEPATH%\Desktop\reghklm.txt"
  exit
  cls

• Move your mouse pointer to the Command Prompt (cmd.exe) window, right-click, select and click Paste to paste script.
• File reghklm.txt will be created on your Desktop.

NEXT...

• Open Command Prompt. You can do this by clicking Start, in Search programs and files text box type cmd and press Enter.
• Copy the contents of the codebox below using CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy)
  
  

  reg export "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"  "%HOMEPATH%\Desktop\reghkcu.txt"
  exit
  cls

• Move your mouse pointer to the Command Prompt (cmd.exe) window, right-click, select and click Paste to paste script.
• File reghkcu.txt will be created on your Desktop.

Please attach these two files (reghklm.txt and reghkcu.txt) in your next reply.

How to add an attachment to a new topic or reply

[ViruSpy]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\DellTPad\\Apoint.exe"
"SysTrayApp"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,49,00,44,00,54,00,5c,00,57,00,44,00,4d,00,\
5c,00,73,00,74,00,74,00,72,00,61,00,79,00,36,00,34,00,2e,00,65,00,78,00,65,\
00,00,00
"IgfxTray"="C:\\Windows\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\Windows\\system32\\hkcmd.exe"
"Persistence"="C:\\Windows\\system32\\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\\Windows\\system32\\WLTRAY.exe"
"UfSeAgnt.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"Windows Mobile-based device management"=hex(2):25,00,77,00,69,00,6e,00,64,00,\
69,00,72,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,6f,\
00,62,00,69,00,6c,00,65,00,5c,00,77,00,6d,00,64,00,53,00,79,00,6e,00,63,00,\
2e,00,65,00,78,00,65,00,00,00

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"SightSpeed"="\"C:\\Program Files (x86)\\Dell Video Chat\\DellVideoChat.exe\" -bootmode"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"Speech Recognition"="\"C:\\Windows\\Speech\\Common\\sapisvr.exe\" -SpeechUX -Startup"
"ooVoo.exe"="C:\\program files (x86)\\oovoo\\oovoo.exe /minimized"
"WMPNSCFG"="C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe"

[ViruSpy]

Please see attachment

Attached Files

•  reghkcu.txt   1.07KB   123 downloads
•  reghklm.txt   2.09KB   110 downloads

[Render]

Hi,

Looks like we have also long time not seen Vundu infection. We will proceed with the following fix:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

RenV::
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files (x86)\Common Files\Java\Java Update\jusched .exe
c:\program files (x86)\Dell\MediaDirect\PCMService .exe
c:\program files (x86)\Dell Video Chat\DellVideoChat .exe
c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell .exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager .exe
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files (x86)\iTunes\iTunesHelper .exe
c:\program files (x86)\Kiwee Toolbar\3.2\kwtbaim .exe
c:\program files (x86)\QuickTime\QTTask                                                   			.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon .exe
c:\program files (x86)\Skype\Phone\Skype .exe
c:\program files (x86)\Sprint\Sprint SmartView\SprintSV .exe
c:\program files (x86)\Windows Live\Messenger\msnmsgr  .exe

File::
c:\windows\drweb .exe
c:\windows\wininst .exe
c:\windows\SysWOW64\task .exe
c:\users\ALPIMAS\AppData\Local\Temp\win16.exe
c:\windows\win.exe
c:\users\ALPIMAS\AppData\Local\Temp\3974322659.exe
c:\users\ALPIMAS\AppData\Local\Temp\user.exe
c:\windows\system32\y2udgsw.dll
c:\windows\system32\config\systemprofile\AppData\Local\iomdol.dll
c:\windows\system32\wkc46.dll
c:\windows\System32\Drivers\bpwwpspm.sys
c:\windows\System32\Drivers\esrdodgm.sys
c:\windows\System32\Drivers\esubhhhn.sys
c:\windows\System32\Drivers\gtrliyng.sys
c:\windows\System32\Drivers\hnusocwb.sys
c:\windows\System32\Drivers\jmudbzww.sys
c:\windows\System32\Drivers\ljxsebzq.sys
c:\windows\System32\Drivers\lmeiguoy.sys
c:\windows\System32\Drivers\lsaugzuq.sys
c:\windows\System32\Drivers\mkinavtr.sys
c:\windows\System32\Drivers\mzlhxlmd.sys
c:\windows\System32\Drivers\qotfeljy.sys
c:\windows\System32\Drivers\rfbwejns.sys
c:\windows\System32\Drivers\sbbcsksk.sys
c:\windows\System32\Drivers\xsvstfhi.sys
c:\windows\System32\Drivers\yiyktxyt.sys
c:\windows\System32\Drivers\zlzybacx.sys

Folder::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MqqsK"=-
"MqvrN"=-
"GMorphCl"=-
"+fU2k6VtKYoFqWo/xh6GknBqF36ypR2s8SwBAQA7=="-
"ZS/SVCQDOB6GtyEwCDtDqHwN+Cb8h3xpZUKzBklpJxEBAQA7=="=-
"LvOKfeefn1zAIMAS\AppData\Local\Temp\3974322659.exe"=-
"LvOKfeefnvcPIMAS\AppData\Local\Temp\user.exe"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"uPc+kt0NftaGuo"=-
"Avamusige"=-
"uPc+kt0No_Jsiv"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dstfixx]

Driver::
bpwwpspm
esrdodgm
esubhhhn
gtrliyng
hnusocwb
jmudbzww
ljxsebzq
lmeiguoy
lsaugzuq
mkinavtr
mzlhxlmd
qotfeljy
rfbwejns
sbbcsksk
xsvstfhi
yiyktxyt
zlzybacx

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[ViruSpy]

ComboFix 11-09-01.03 - ALPIMAS 07/09/2011 22:29:06.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4054.2160 [GMT -4:00]
Running from: c:\users\ALPIMAS\Desktop\ComboFix.exe
Command switches used :: c:\users\ALPIMAS\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\users\ALPIMAS\AppData\Local\Temp\3974322659.exe"
"c:\users\ALPIMAS\AppData\Local\Temp\user.exe"
"c:\users\ALPIMAS\AppData\Local\Temp\win16.exe"
"c:\windows\drweb .exe"
"c:\windows\system32\config\systemprofile\AppData\Local\iomdol.dll"
"c:\windows\System32\Drivers\bpwwpspm.sys"
"c:\windows\System32\Drivers\esrdodgm.sys"
"c:\windows\System32\Drivers\esubhhhn.sys"
"c:\windows\System32\Drivers\gtrliyng.sys"
"c:\windows\System32\Drivers\hnusocwb.sys"
"c:\windows\System32\Drivers\jmudbzww.sys"
"c:\windows\System32\Drivers\ljxsebzq.sys"
"c:\windows\System32\Drivers\lmeiguoy.sys"
"c:\windows\System32\Drivers\lsaugzuq.sys"
"c:\windows\System32\Drivers\mkinavtr.sys"
"c:\windows\System32\Drivers\mzlhxlmd.sys"
"c:\windows\System32\Drivers\qotfeljy.sys"
"c:\windows\System32\Drivers\rfbwejns.sys"
"c:\windows\System32\Drivers\sbbcsksk.sys"
"c:\windows\System32\Drivers\xsvstfhi.sys"
"c:\windows\System32\Drivers\yiyktxyt.sys"
"c:\windows\System32\Drivers\zlzybacx.sys"
"c:\windows\system32\wkc46.dll"
"c:\windows\system32\y2udgsw.dll"
"c:\windows\SysWOW64\task .exe"
"c:\windows\win.exe"
"c:\windows\wininst .exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-09-08 02:30 . 2011-09-08 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-08 02:30 . 2011-09-08 02:30 -------- d-----w- c:\users\ALPIMAS\AppData\Local\temp
2011-09-07 02:17 . 2011-09-07 02:17 -------- d-----w- c:\program files (x86)\ERUNT
2011-09-06 22:36 . 2011-08-16 12:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B6221BB-0AFE-4587-BDC9-DB6E9360F62F}\mpengine.dll
2011-09-06 12:45 . 2011-03-03 15:06 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-09-06 12:45 . 2011-03-03 14:56 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-09-06 12:45 . 2011-03-03 13:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-09-06 12:45 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-09-06 07:42 . 2010-09-20 12:14 316416 ----a-w- c:\windows\system32\msshsq.dll
2011-09-06 07:42 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
2011-09-06 05:04 . 2011-02-18 13:51 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-09-06 05:04 . 2011-05-02 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-06 05:04 . 2011-05-02 12:00 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-06 04:50 . 2010-06-28 16:55 1923584 ----a-w- c:\windows\system32\ole32.dll
2011-09-06 04:50 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\SysWow64\ole32.dll
2011-09-06 04:50 . 2010-06-28 15:07 408064 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-09-06 04:50 . 2010-06-28 14:31 339968 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2011-09-06 04:49 . 2010-08-31 15:41 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-09-06 04:49 . 2010-08-31 15:41 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-09-06 04:49 . 2010-12-20 16:06 847872 ----a-w- c:\windows\system32\oleaut32.dll
2011-09-06 04:49 . 2010-12-20 15:39 563200 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-09-06 04:48 . 2010-08-26 16:27 189952 ----a-w- c:\windows\system32\t2embed.dll
2011-09-06 04:48 . 2010-08-26 16:07 157184 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-09-06 04:48 . 2010-08-31 15:40 531968 ----a-w- c:\windows\SysWow64\comctl32.dll
2011-09-06 04:48 . 2010-08-31 15:21 633856 ----a-w- c:\windows\system32\comctl32.dll
2011-09-06 04:42 . 2011-06-02 13:22 2762240 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 04:42 . 2011-04-29 13:12 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-09-06 04:42 . 2011-04-29 13:12 144896 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-09-06 04:42 . 2011-07-06 15:18 274432 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-06 04:42 . 2011-04-29 13:11 135168 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-06 04:42 . 2011-04-29 13:11 105984 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-09-06 04:42 . 2011-04-21 13:42 407552 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-06 04:42 . 2011-02-17 07:21 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-09-06 04:42 . 2011-02-17 06:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-06 04:40 . 2011-02-27 15:53 990096 ----a-w- c:\windows\system32\winresume.efi
2011-09-06 04:28 . 2011-02-18 13:50 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-06 04:18 . 2011-04-14 14:45 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-09-06 04:18 . 2011-04-29 15:25 344576 ----a-w- c:\windows\system32\schannel.dll
2011-09-06 04:18 . 2011-04-29 14:54 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-09-06 04:18 . 2011-05-02 16:35 975360 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-06 04:18 . 2011-05-02 15:58 738816 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-09-06 04:16 . 2010-10-15 14:02 4692368 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-06 04:16 . 2010-10-15 13:43 1167488 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-09-06 04:16 . 2010-10-15 13:43 1560960 ----a-w- c:\windows\system32\ntdll.dll
2011-09-06 04:14 . 2010-08-20 15:56 1090048 ----a-w- c:\windows\system32\wmpmde.dll
2011-09-02 20:34 . 2011-09-02 20:34 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-05_14.25.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-06 07:22 . 2009-10-09 21:55 54272 c:\windows\SysWOW64\WsmRes.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 12800 c:\windows\SysWOW64\wsmprovhost.exe
+ 2011-09-06 07:22 . 2009-10-09 21:56 10240 c:\windows\SysWOW64\wsmplpxy.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 10240 c:\windows\SysWOW64\winrssrv.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 20480 c:\windows\SysWOW64\winrshost.exe
+ 2011-09-06 07:22 . 2009-10-09 21:56 40448 c:\windows\SysWOW64\winrs.exe
+ 2011-09-06 07:22 . 2009-10-09 21:56 24064 c:\windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 20480 c:\windows\SysWOW64\WindowsPowerShell\v1.0\PSEvents.dll
+ 2011-09-06 07:22 . 2009-10-09 21:55 81408 c:\windows\SysWOW64\wevtfwd.dll
+ 2011-09-06 07:22 . 2009-10-09 21:55 79872 c:\windows\SysWOW64\wecutil.exe
- 2008-01-21 02:49 . 2008-01-21 02:49 56320 c:\windows\SysWOW64\wecapi.dll
+ 2011-09-06 07:22 . 2009-10-09 21:55 56320 c:\windows\SysWOW64\wecapi.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 41472 c:\windows\SysWOW64\pwrshplugin.dll
- 2009-09-29 02:54 . 2009-08-14 16:29 17920 c:\windows\SysWOW64\netevent.dll
+ 2011-09-06 04:28 . 2010-09-06 16:23 17920 c:\windows\SysWOW64\netevent.dll
- 2010-09-01 23:17 . 2009-03-08 11:31 66560 c:\windows\SysWOW64\mshtmled.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 66560 c:\windows\SysWOW64\mshtmled.dll
- 2010-09-01 23:21 . 2010-06-26 04:24 13312 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-09-06 05:15 . 2011-05-28 04:32 13312 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-09-06 05:15 . 2011-05-28 06:04 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2010-09-01 23:21 . 2010-06-26 06:03 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2010-09-01 23:21 . 2010-06-26 06:05 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-09-06 05:15 . 2011-05-28 06:08 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 43520 c:\windows\SysWOW64\licmgr10.dll
- 2010-09-01 23:21 . 2010-06-26 06:02 25600 c:\windows\SysWOW64\jsproxy.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 25600 c:\windows\SysWOW64\jsproxy.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 71680 c:\windows\SysWOW64\iesetup.dll
- 2010-09-01 23:21 . 2010-06-26 06:02 71680 c:\windows\SysWOW64\iesetup.dll
- 2010-09-01 23:21 . 2010-06-26 06:02 55808 c:\windows\SysWOW64\iernonce.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 55808 c:\windows\SysWOW64\iernonce.dll
+ 2011-09-06 04:15 . 2010-06-16 15:12 72704 c:\windows\SysWOW64\fontsub.dll
- 2010-01-13 21:04 . 2009-10-19 14:24 72704 c:\windows\SysWOW64\fontsub.dll
+ 2011-09-06 04:14 . 2009-05-04 10:11 25088 c:\windows\SysWOW64\dnscacheugc.exe
- 2008-01-21 02:49 . 2008-01-21 02:49 25088 c:\windows\SysWOW64\dnscacheugc.exe
+ 2008-01-21 03:20 . 2011-09-07 03:16 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-05 01:14 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-24 01:07 . 2010-05-26 16:16 34304 c:\windows\SysWOW64\atmlib.dll
+ 2011-09-06 04:15 . 2011-02-16 15:29 34304 c:\windows\SysWOW64\atmlib.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 54272 c:\windows\system32\WsmRes.dll
+ 2011-09-06 07:22 . 2009-10-09 21:35 13824 c:\windows\system32\wsmprovhost.exe
+ 2011-09-06 07:22 . 2009-10-09 21:35 13312 c:\windows\system32\wsmplpxy.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 13312 c:\windows\system32\winrssrv.dll
+ 2011-09-06 07:22 . 2009-10-09 21:35 24064 c:\windows\system32\winrshost.exe
+ 2011-09-06 07:22 . 2009-10-09 21:35 51200 c:\windows\system32\winrs.exe
+ 2011-09-06 07:22 . 2009-10-09 21:36 28672 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2011-09-06 07:22 . 2009-10-09 21:36 20480 c:\windows\system32\WindowsPowerShell\v1.0\PSEvents.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 84992 c:\windows\system32\wecapi.dll
- 2008-01-21 02:48 . 2008-01-21 02:48 84992 c:\windows\system32\wecapi.dll
+ 2008-01-21 02:23 . 2011-09-06 08:07 64572 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-09-07 13:28 95718 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-20 00:24 . 2011-09-07 13:28 12978 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1951622309-515094514-3259427095-1000_UserData.bin
+ 2011-09-06 04:28 . 2010-09-06 15:59 12288 c:\windows\system32\sscore.dll
- 2006-11-02 09:27 . 2006-11-02 11:19 12288 c:\windows\system32\sscore.dll
+ 2011-09-06 07:22 . 2009-10-09 21:36 53760 c:\windows\system32\pwrshplugin.dll
+ 2011-09-06 04:28 . 2010-09-06 15:57 17920 c:\windows\system32\netevent.dll
- 2009-09-29 02:54 . 2009-08-14 17:29 17920 c:\windows\system32\netevent.dll
- 2010-09-01 23:17 . 2009-03-08 11:37 96768 c:\windows\system32\mshtmled.dll
+ 2011-09-06 05:15 . 2011-05-28 06:24 96768 c:\windows\system32\mshtmled.dll
+ 2011-09-06 05:15 . 2011-05-28 04:52 12288 c:\windows\system32\msfeedssync.exe
- 2010-09-01 23:21 . 2010-06-26 04:46 12288 c:\windows\system32\msfeedssync.exe
+ 2011-09-06 05:15 . 2011-05-28 06:24 71680 c:\windows\system32\msfeedsbs.dll
- 2010-09-01 23:21 . 2010-06-26 06:26 71680 c:\windows\system32\msfeedsbs.dll
- 2010-09-01 23:21 . 2010-06-26 06:30 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-09-06 05:15 . 2011-05-28 06:28 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-09-06 05:15 . 2011-05-28 06:24 56832 c:\windows\system32\licmgr10.dll
+ 2011-09-06 04:40 . 2011-02-27 15:53 20880 c:\windows\system32\kdusb.dll
+ 2011-09-06 04:40 . 2011-02-27 15:53 18320 c:\windows\system32\kdcom.dll
+ 2011-09-06 04:40 . 2011-02-27 15:53 18832 c:\windows\system32\kd1394.dll
- 2010-09-01 23:21 . 2010-06-26 06:26 31744 c:\windows\system32\jsproxy.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 31744 c:\windows\system32\jsproxy.dll
- 2010-09-01 23:21 . 2010-06-26 06:25 77312 c:\windows\system32\iesetup.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 77312 c:\windows\system32\iesetup.dll
- 2010-09-01 23:21 . 2010-06-26 06:25 72192 c:\windows\system32\iernonce.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 72192 c:\windows\system32\iernonce.dll
- 2010-09-01 23:21 . 2010-06-26 04:47 70656 c:\windows\system32\ie4uinit.exe
+ 2011-09-06 05:15 . 2011-05-28 04:53 70656 c:\windows\system32\ie4uinit.exe
+ 2011-09-06 04:15 . 2010-06-16 15:52 96256 c:\windows\system32\fontsub.dll
- 2010-01-13 21:04 . 2009-10-19 15:19 96256 c:\windows\system32\fontsub.dll
+ 2011-09-06 04:14 . 2009-05-04 10:38 28672 c:\windows\system32\dnscacheugc.exe
- 2008-01-21 02:48 . 2008-01-21 02:48 28672 c:\windows\system32\dnscacheugc.exe
- 2008-01-21 02:49 . 2008-01-21 02:49 85504 c:\windows\system32\csrsrv.dll
+ 2011-09-06 04:15 . 2011-04-20 15:11 85504 c:\windows\system32\csrsrv.dll
+ 2011-09-06 04:40 . 2010-10-18 14:25 87552 c:\windows\system32\consent.exe
- 2008-01-21 02:48 . 2008-01-21 02:48 87552 c:\windows\system32\consent.exe
- 2009-01-20 00:20 . 2011-09-05 13:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-20 00:20 . 2011-09-07 18:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-20 00:20 . 2011-09-07 18:43 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-20 00:20 . 2011-09-05 13:09 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-20 00:20 . 2011-09-05 13:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-20 00:20 . 2011-09-07 18:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-06 04:15 . 2011-02-16 15:36 48128 c:\windows\system32\atmlib.dll
- 2010-06-24 01:07 . 2010-05-26 16:53 48128 c:\windows\system32\atmlib.dll
+ 2009-12-22 20:56 . 2011-09-07 13:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-22 20:56 . 2011-09-05 14:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-22 20:56 . 2011-09-07 13:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-22 20:56 . 2011-09-05 14:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-13 02:16 . 2011-04-13 02:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-09-06 07:04 . 2010-09-23 13:33 42320 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
- 2010-06-28 04:15 . 2010-03-29 12:04 42320 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-09-06 07:04 . 2010-09-23 13:32 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-06-28 04:15 . 2010-03-29 11:57 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-06-28 04:11 . 2010-06-28 04:11 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-28 04:07 . 2010-06-28 04:07 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-28 04:08 . 2010-06-28 04:08 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-28 04:03 . 2010-06-28 04:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-09-06 07:40 . 2011-09-06 07:40 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-08-19 21:38 . 2010-08-19 21:38 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-09-06 07:40 . 2011-09-06 07:40 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-05 07:01 . 2010-09-14 00:13 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-05 07:01 . 2011-09-06 07:35 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2008-12-30 09:49 . 2011-09-06 07:27 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
- 2008-12-30 09:49 . 2010-08-19 21:49 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2007-11-28 10:31 . 2007-11-28 10:31 14176 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F839_WkImgL90.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 42496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\e7db9562ecd26271bb6ceac7026ea333\System.Windows.Presentation.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\e0fc9c42b2d28edebc1dd2c67c5c94a7\System.Web.ApplicationServices.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\32d3441efb46d802cdc65de502f28e3b\System.AddIn.Contract.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\512c12c2af578c00e8655b0ec2a92102\Microsoft.VisualC.ni.dll
+ 2011-09-06 07:19 . 2011-09-06 07:19 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\4a82ab8680409c1dc5a55e26742e8900\dfsvc.ni.exe
+ 2011-09-06 07:19 . 2011-09-06 07:19 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\b1136d0eb9ce963a7675b0d6cd7c4c4e\Accessibility.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4cd8ba75f60cf8dc66767b833520241e\UIAutomationProvider.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\3261cf5aa8c44f49ea44e995bb1c798c\System.Windows.Presentation.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\8f37e1ebcb6a993092f8701f4f0bff4e\System.Web.ApplicationServices.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f43eab6f117c2733cc296f11e8ebe9ed\System.ServiceModel.Channels.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a1cbada42bb39fc34ee40e9e4afba87e\System.AddIn.Contract.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\2bdbd057211d05a088b7a9004203e58b\Microsoft.VisualC.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\0c39314a7513b436d3aaaeae3b4bd3e7\Accessibility.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\2b9be262e16a861cafa762d26efc9fa5\System.Windows.Presentation.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\c37158c88441b343e4694d9c39e18010\System.Web.DynamicData.Design.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\d6b11376da4c1c21b3bc92583a9865c9\PresentationFontCache.ni.exe
+ 2011-09-06 08:15 . 2011-09-06 08:15 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\23533f3f41088f4ce6cef94413dac4cf\PresentationCFFRasterizer.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\3850aad4de8715d6e942ed4a41d05438\Microsoft.WSMan.Runtime.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\1a478052db299fb3f5835538afdcf11b\Microsoft.VisualC.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\5d79b56ed44e41836f4260b1f00bd3d3\ehiExtCOM.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\e737b9b9c002ea9537c14726620d3a87\ehExtCOM.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\23dc239e684cc8332b7568900443e670\dfsvc.ni.exe
+ 2011-09-06 08:12 . 2011-09-06 08:12 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\95cb6753db8e527ed7baa92c10d700a8\Accessibility.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\d09db0b63eebecde215e959274a13fa8\WindowsLiveWriter.ni.exe
+ 2011-09-06 08:16 . 2011-09-06 08:16 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c701e9a2d3a138ff8c787176c789bd1f\WindowsLive.Writer.Api.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\39aaf5e542a400fd37fe649caae4c765\UIAutomationProvider.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\7f8b57a4fa9c382ec7a57bcc105bc19d\System.Windows.Presentation.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\42c8d2b38f57e2278a6c76ec05137d9d\System.Web.DynamicData.Design.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\0a634470f7cd83df4250122bdd609fa2\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\1b4b43fd69c0b2a97444f9e2a28eaf79\System.AddIn.Contract.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\a60a218fcc38ca1990e11641045b9954\PresentationFontCache.ni.exe
+ 2011-09-06 08:09 . 2011-09-06 08:09 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\9c1f311fb7ef2289684f4845f680e42b\PresentationCFFRasterizer.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\4619ed05f4b27e188f0574c17f07b508\napcrypt.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\0c1eba3ddcfb4b772d3571a9307c9d9d\Microsoft.WSMan.Runtime.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\3cf5ee08f27bdaf5e835385477f9a7ad\Microsoft.Vsa.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\0f76d7f447c8d8a970591081504bbc0e\Microsoft.VisualC.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\dc409b69ee3f26aa39cca294949cd4e2\Microsoft.Build.Framework.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c982094431e83a0d72094d2656993155\Microsoft.Build.Framework.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\88901807bb81e702a4239f0d4247dd85\ehiUserXp.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\82d1552d74572b946c594e98d79fa7a2\dfsvc.ni.exe
+ 2011-09-06 08:08 . 2011-09-06 08:08 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc78764e2649bd53edc5c9884efba391\Accessibility.ni.dll
+ 2011-09-06 07:23 . 2009-10-12 21:55 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 2048 c:\windows\SysWOW64\winrsmgr.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 2048 c:\windows\SysWOW64\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2011-09-06 07:22 . 2009-10-12 21:59 4096 c:\windows\SysWOW64\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll
- 2010-05-25 18:50 . 2010-04-23 13:55 2048 c:\windows\SysWOW64\tzres.dll
+ 2011-09-06 04:15 . 2010-10-28 12:56 2048 c:\windows\SysWOW64\tzres.dll
+ 2011-09-06 04:28 . 2010-09-06 16:24 9728 c:\windows\SysWOW64\sscore.dll
- 2006-11-02 12:13 . 2006-11-02 09:46 9728 c:\windows\SysWOW64\sscore.dll
+ 2011-09-06 07:22 . 2009-10-09 21:35 2048 c:\windows\system32\winrsmgr.dll
+ 2011-09-06 07:22 . 2009-10-09 21:36 2048 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 4096 c:\windows\system32\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll
+ 2011-09-06 04:15 . 2010-10-28 13:17 2048 c:\windows\system32\tzres.dll
- 2010-05-25 18:50 . 2010-04-23 14:24 2048 c:\windows\system32\tzres.dll
- 2011-09-05 14:22 . 2011-09-05 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-07 13:22 . 2011-09-07 13:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-07 13:22 . 2011-09-07 13:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-05 14:22 . 2011-09-05 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-06 07:29 . 2011-09-06 07:29 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\cec5dc6db7419a80bba3f9d73833fb65\dfsvc.ni.exe
+ 2011-09-06 07:23 . 2009-10-09 21:39 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
+ 2011-09-06 07:22 . 2009-10-12 21:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 214016 c:\windows\SysWOW64\WsmWmiPl.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 145408 c:\windows\SysWOW64\WsmAuto.dll
+ 2011-09-06 07:22 . 2009-10-09 21:55 252416 c:\windows\SysWOW64\WSManMigrationPlugin.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 246272 c:\windows\SysWOW64\WSManHTTPConfig.exe
- 2008-01-21 02:52 . 2008-01-21 02:52 866816 c:\windows\SysWOW64\wmpmde.dll
+ 2011-09-06 04:14 . 2010-08-20 15:21 866816 c:\windows\SysWOW64\wmpmde.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 241152 c:\windows\SysWOW64\winrscmd.dll
+ 2011-09-06 07:22 . 2009-08-01 06:27 201184 c:\windows\SysWOW64\winrm.vbs
+ 2011-09-06 05:15 . 2011-05-28 06:08 916480 c:\windows\SysWOW64\wininet.dll
- 2010-09-01 23:21 . 2010-06-26 06:05 916480 c:\windows\SysWOW64\wininet.dll
+ 2011-09-06 07:22 . 2009-10-09 21:57 154112 c:\windows\SysWOW64\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2011-09-06 07:22 . 2009-10-09 21:57 204800 c:\windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2011-09-06 07:22 . 2009-10-09 21:56 448000 c:\windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
+ 2011-09-06 07:22 . 2009-10-09 21:57 112640 c:\windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll
+ 2011-09-06 07:22 . 2009-07-16 17:22 126976 c:\windows\SysWOW64\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
- 2008-01-21 02:49 . 2008-01-21 02:49 357376 c:\windows\SysWOW64\taskschd.dll
+ 2011-09-06 04:14 . 2010-11-06 11:10 357376 c:\windows\SysWOW64\taskschd.dll
+ 2011-09-06 04:14 . 2010-11-05 00:53 171520 c:\windows\SysWOW64\taskeng.exe
+ 2011-09-06 04:14 . 2010-11-06 11:10 270336 c:\windows\SysWOW64\taskcomp.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 270336 c:\windows\SysWOW64\taskcomp.dll
+ 2011-09-06 04:40 . 2009-07-10 12:21 247808 c:\windows\SysWOW64\shsvcs.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 351744 c:\windows\SysWOW64\shlwapi.dll
+ 2011-09-06 04:41 . 2011-01-21 15:46 351744 c:\windows\SysWOW64\shlwapi.dll
+ 2011-09-06 04:28 . 2010-12-29 17:41 153088 c:\windows\SysWOW64\sbeio.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 153088 c:\windows\SysWOW64\sbeio.dll
+ 2011-09-06 04:28 . 2010-12-29 17:41 323072 c:\windows\SysWOW64\sbe.dll
+ 2011-09-06 04:41 . 2010-12-28 14:57 409600 c:\windows\SysWOW64\odbc32.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 409600 c:\windows\SysWOW64\odbc32.dll
- 2010-09-01 23:21 . 2010-06-26 06:04 206848 c:\windows\SysWOW64\occache.dll
+ 2011-09-06 05:15 . 2011-05-28 06:07 206848 c:\windows\SysWOW64\occache.dll
- 2008-01-21 02:48 . 2008-01-21 02:48 677888 c:\windows\SysWOW64\mstsc.exe
+ 2011-09-06 04:40 . 2010-12-17 15:06 677888 c:\windows\SysWOW64\mstsc.exe
- 2010-09-01 23:21 . 2010-06-26 06:03 611840 c:\windows\SysWOW64\mstime.dll
+ 2011-09-06 05:15 . 2011-05-28 06:05 611840 c:\windows\SysWOW64\mstime.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 602112 c:\windows\SysWOW64\msfeeds.dll
+ 2011-09-06 04:48 . 2011-04-12 14:56 857600 c:\windows\SysWOW64\kernel32.dll
+ 2011-09-06 04:42 . 2011-02-17 06:19 726528 c:\windows\SysWOW64\jscript.dll
- 2010-09-02 21:08 . 2009-12-04 07:19 726528 c:\windows\SysWOW64\jscript.dll
- 2010-09-01 23:21 . 2010-06-26 04:25 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-09-06 05:15 . 2011-05-28 04:33 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-09-06 05:15 . 2011-05-28 06:04 164352 c:\windows\SysWOW64\ieui.dll
- 2010-09-01 23:21 . 2010-06-26 06:02 164352 c:\windows\SysWOW64\ieui.dll
- 2010-09-01 23:21 . 2010-06-26 06:02 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 184320 c:\windows\SysWOW64\iepeers.dll
- 2010-09-01 23:21 . 2010-06-26 06:02 184320 c:\windows\SysWOW64\iepeers.dll
- 2010-09-01 23:21 . 2010-06-26 06:02 387584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-09-06 05:15 . 2011-05-28 06:03 387584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-09-06 05:15 . 2011-05-28 04:32 173568 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-09-06 04:28 . 2010-12-29 17:41 429056 c:\windows\SysWOW64\EncDec.dll
+ 2011-09-06 04:14 . 2011-03-02 14:49 167936 c:\windows\SysWOW64\dnsapi.dll
- 2008-01-21 03:20 . 2011-09-05 01:14 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-07 03:16 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-06 04:15 . 2011-02-16 13:24 292864 c:\windows\SysWOW64\atmfd.dll
+ 2011-09-06 07:22 . 2009-10-09 21:35 310272 c:\windows\system32\WsmWmiPl.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 180736 c:\windows\system32\WsmAuto.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 352768 c:\windows\system32\WSManMigrationPlugin.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 348672 c:\windows\system32\WSManHTTPConfig.exe
+ 2011-09-06 04:14 . 2010-11-06 04:35 499712 c:\windows\system32\wmicmiplugin.dll
- 2008-01-21 02:49 . 2008-01-21 02:49 450048 c:\windows\system32\winsrv.dll
+ 2011-09-06 04:15 . 2011-04-20 15:16 450048 c:\windows\system32\winsrv.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 370688 c:\windows\system32\winrscmd.dll
+ 2011-09-06 07:22 . 2009-08-01 06:27 201184 c:\windows\system32\winrm.vbs
+ 2011-09-06 04:40 . 2011-02-27 15:53 979344 c:\windows\system32\winresume.exe
+ 2011-09-06 07:22 . 2009-10-09 21:39 173056 c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 200704 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2011-09-06 07:22 . 2009-10-09 21:36 463872 c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
+ 2011-09-06 07:22 . 2009-10-09 21:39 115200 c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll
+ 2011-09-06 07:22 . 2009-07-16 17:22 126976 c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 113152 c:\windows\system32\wevtfwd.dll
+ 2011-09-06 07:22 . 2009-10-09 21:34 113152 c:\windows\system32\wecutil.exe
+ 2011-09-06 07:22 . 2009-10-09 21:34 232960 c:\windows\system32\wecsvc.dll
+ 2011-09-06 04:14 . 2010-11-06 04:35 655872 c:\windows\system32\taskschd.dll
- 2008-01-21 02:49 . 2008-01-21 02:49 655872 c:\windows\system32\taskschd.dll
+ 2011-09-06 04:14 . 2010-11-04 21:16 267776 c:\windows\system32\taskeng.exe
+ 2011-09-06 04:14 . 2010-11-06 04:35 410112 c:\windows\system32\taskcomp.dll
+ 2011-09-06 04:28 . 2010-09-06 15:59 179712 c:\windows\system32\srvsvc.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 301568 c:\windows\system32\shsvcs.dll
+ 2011-09-06 04:40 . 2009-07-10 12:37 301568 c:\windows\system32\shsvcs.dll
- 2008-01-21 02:49 . 2008-01-21 02:49 454144 c:\windows\system32\shlwapi.dll
+ 2011-09-06 04:41 . 2011-01-21 15:57 454144 c:\windows\system32\shlwapi.dll
+ 2011-09-06 04:14 . 2010-11-06 04:35 854528 c:\windows\system32\schedsvc.dll
+ 2011-09-06 04:28 . 2010-12-29 17:53 210944 c:\windows\system32\sbeio.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 210944 c:\windows\system32\sbeio.dll
+ 2011-09-06 04:28 . 2010-12-29 17:53 416768 c:\windows\system32\sbe.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 416768 c:\windows\system32\sbe.dll
- 2006-11-02 12:46 . 2011-09-05 03:51 604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-06 07:15 604502 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-09-05 03:51 104170 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-09-06 07:15 104170 c:\windows\system32\perfc009.dat
+ 2011-09-06 04:41 . 2010-12-28 15:26 462848 c:\windows\system32\odbc32.dll
- 2010-09-01 23:21 . 2010-06-26 06:28 243712 c:\windows\system32\occache.dll
+ 2011-09-06 05:15 . 2011-05-28 06:26 243712 c:\windows\system32\occache.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 730624 c:\windows\system32\mstsc.exe
+ 2011-09-06 04:40 . 2010-12-17 15:35 730624 c:\windows\system32\mstsc.exe
+ 2011-09-06 05:15 . 2011-05-28 06:24 710656 c:\windows\system32\msfeeds.dll
+ 2009-10-17 20:11 . 2011-05-24 23:14 270720 c:\windows\system32\MpSigStub.exe
- 2010-09-02 21:08 . 2009-12-04 07:30 817664 c:\windows\system32\jscript.dll
+ 2011-09-06 04:42 . 2011-02-17 07:15 817664 c:\windows\system32\jscript.dll
+ 2011-09-06 05:15 . 2011-05-28 04:53 162816 c:\windows\system32\ieUnatt.exe
- 2010-09-01 23:21 . 2010-06-26 04:47 162816 c:\windows\system32\ieUnatt.exe
- 2010-09-01 23:21 . 2010-06-26 06:25 219136 c:\windows\system32\ieui.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 219136 c:\windows\system32\ieui.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 132096 c:\windows\system32\iesysprep.dll
- 2010-09-01 23:21 . 2010-06-26 06:25 132096 c:\windows\system32\iesysprep.dll
- 2010-09-01 23:21 . 2010-06-26 06:25 252416 c:\windows\system32\iepeers.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 252416 c:\windows\system32\iepeers.dll
- 2010-09-01 23:21 . 2010-06-26 06:25 459776 c:\windows\system32\iedkcs32.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 459776 c:\windows\system32\iedkcs32.dll
+ 2006-11-02 15:21 . 2011-09-06 08:01 283000 c:\windows\system32\FNTCACHE.DAT
- 2006-11-02 15:21 . 2011-09-04 00:49 283000 c:\windows\system32\FNTCACHE.DAT
+ 2011-09-06 04:28 . 2010-12-29 17:53 560128 c:\windows\system32\EncDec.dll
+ 2011-09-06 04:14 . 2011-03-02 15:10 117760 c:\windows\system32\dnsrslvr.dll
- 2008-01-21 02:48 . 2008-01-21 02:48 117760 c:\windows\system32\dnsrslvr.dll
+ 2011-09-06 04:14 . 2011-03-02 15:10 221184 c:\windows\system32\dnsapi.dll
+ 2010-09-01 23:41 . 2011-09-06 12:38 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-09-01 23:41 . 2010-10-03 18:13 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-06 04:40 . 2011-02-27 15:53 979344 c:\windows\system32\Boot\winresume.exe
+ 2011-09-06 04:15 . 2011-02-16 13:44 367616 c:\windows\system32\atmfd.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 597832 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
- 2010-06-28 04:15 . 2010-03-29 12:04 743760 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-09-06 07:04 . 2010-09-23 13:34 743760 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
- 2010-08-19 21:35 . 2010-05-19 11:36 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-09-06 07:35 . 2011-03-29 10:55 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2010-06-28 04:15 . 2010-03-29 11:57 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-09-06 07:04 . 2010-09-23 13:32 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-08-19 21:35 . 2010-05-19 11:31 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-09-06 07:35 . 2011-03-29 10:55 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 989528 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2010-06-28 04:08 . 2010-06-28 04:08 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-28 04:08 . 2010-06-28 04:08 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2010-06-28 04:08 . 2010-06-28 04:08 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-06 07:03 . 2011-09-06 07:03 467456 c:\windows\Installer\11df443.msi
+ 2011-09-06 07:02 . 2011-09-06 07:02 488448 c:\windows\Installer\11df438.msi
+ 2008-12-30 09:49 . 2011-09-06 07:27 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2008-12-30 09:49 . 2010-08-19 21:49 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2008-12-30 09:49 . 2011-09-06 07:27 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2008-12-30 09:49 . 2010-08-19 21:49 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2008-12-30 09:49 . 2010-08-19 21:49 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2008-12-30 09:49 . 2011-09-06 07:27 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2007-11-28 10:33 . 2007-11-28 10:33 132448 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22623_WkImg90.dll
+ 2011-09-07 13:27 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\07-09-2011\ERDNT.EXE
+ 2011-09-07 02:18 . 2005-10-20 16:02 163328 c:\windows\ERDNT\06-09-2011\ERDNT.EXE
+ 2011-09-06 07:28 . 2011-09-06 07:28 322048 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\67701a0afb40872303a50c673387ba22\WindowsFormsIntegration.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\21b0a1645439e2c615a317dc4cca191d\UIAutomationTypes.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\792559a31b651ec7c2d5da9847961736\UIAutomationProvider.ni.dll
+ 2011-09-06 07:28 . 2011-09-06 07:28 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\550c47e15879f39fed79e4eb1c2195db\UIAutomationClient.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 525824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\0a0a776f67e84c2da967ac111c5df164\System.Xml.Linq.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 254976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\cf8c22d4266e070a299c02d2850ef818\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\4b6a7186f6c401b66d1be535e7d6104a\System.Transactions.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 280576 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a829cc80ca5acc2da26bd8ea918e1a4e\System.ServiceProcess.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 107520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\5381d639b68e4fcd1233df4aaa8fc9be\System.ServiceModel.Channels.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 507904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\23cddffe6a749acdc1cf2bbf7ea2470c\System.ServiceModel.Routing.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 939520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\82566fadb4cce4b082e9d8be861cb407\System.Security.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 376320 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93ee99e5061f73f7e0d64e28e72acdd8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\7706bf7b15e5f41daf680bf00fb3040b\System.Runtime.Remoting.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\97a9eaf09596eebab9ed3e17546ae804\System.Numerics.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 930304 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\92ffc2dd1a4c2ea95b472a26e774a835\System.Net.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\b8de5567948f35962ddf7122752ff04d\System.Messaging.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\b131749bfb98ce8ec9b87ce2841afe60\System.Management.Instrumentation.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\0fe92ebf0087c98840e99d37480711c0\System.IO.Log.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\4b0079c9d88b51955f53d52f6b7f3e5a\System.IdentityModel.Selectors.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\c22b41c9c0a31a087d16689ac0889607\System.EnterpriseServices.Wrapper.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 511488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\77f9d335a1781905c342869dbf6220c6\System.Dynamic.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 628736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\82362eb90e580c5b2afc3150c69d784f\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\342afec9aa4ee8a572a0cd8da6833a5c\System.Device.ni.dll
+ 2011-09-06 07:25 . 2011-09-06 07:25 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\bf4f62e5c39821ee6225ed92dae486ed\System.Data.DataSetExtensions.ni.dll
+ 2011-09-06 07:25 . 2011-09-06 07:25 181248 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\ad9d61d394a46e9f9590b0a9f0fa0ad5\System.Configuration.Install.ni.dll
+ 2011-09-06 07:25 . 2011-09-06 07:25 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\693ee2ff660f89258326be91758da220\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\5f08af7480608daceecfec057280efac\System.AddIn.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 553472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\4afbca9170450994db0228341d24c42d\System.Activities.DurableInstancing.ni.dll
+ 2011-09-06 07:19 . 2011-09-06 07:19 430080 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\a6cc942cdc5c454b6d707f346946ff02\SMSvcHost.ni.exe
+ 2011-09-06 07:22 . 2011-09-06 07:22 184832 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\991bb9aedef58467529703e0c83af2de\SMDiagnostics.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 745984 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\fdac975a3fac325ee1cb3961bbc11acf\PresentationFramework.Luna.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 331264 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\e5e71b03b631939f951c85fb1cddab68\PresentationFramework.Classic.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 555520 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\7028852deef01a6e4e4636db5e12e09b\PresentationFramework.Aero.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 387584 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1354d301871cb639ab1b885c626f1ffe\PresentationFramework.Royale.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\4b317a05ca805ec83dc598f4a28a3cf8\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\54d05db00d011c7d8e34613a76156a27\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-06 07:19 . 2011-09-06 07:19 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\4f99fd1b2d217c9950b0e7c053b9e906\CustomMarshalers.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\97a1f8a5a83114e0cea11549602e8e72\WindowsFormsIntegration.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7297158168dfc68b1b96bf6b0f56b093\UIAutomationTypes.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\acc81364b5b1d54918a55f0ae0fbc043\UIAutomationClient.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ff20e15edfa14ce628b0502173347062\System.Xml.Linq.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\40e165d670da20b9911cf7f15db916d2\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\0df91adfb9c0e51b7b967d61e8151b78\System.Transactions.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\840f9b4d51622f9f29888aae168a196c\System.ServiceProcess.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e99e3e3b47a1b63e678271947a72e22\System.ServiceModel.Routing.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\cbb93497a3dddc9ab32316cc54dfb16a\System.Security.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a31a4045963913a3228777af311f4428\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8985ef7c12df01b25c53bd80f7103819\System.Runtime.Remoting.ni.dll
+ 2011-09-06 07:17 . 2011-09-06 07:17 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\6bff4a4db9703b01e7495f5f9e0f2baf\System.Numerics.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\ce945fe046c7c152d4785fe24c22eee9\System.Net.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f07d8a06ff89e9c2db9f2ad73e88d421\System.Messaging.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\ec65b7f29e6d9c27cad0bb4f6199701f\System.Management.Instrumentation.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\5e1621afee65228e6dc7fbc9fb35f091\System.IO.Log.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\1f10456671d393187b6e2511155b8cd6\System.IdentityModel.Selectors.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.Wrapper.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\401ca9defa4213be5372532a2754d50d\System.EnterpriseServices.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\c87031ba66d6a1809ac68142397eeddf\System.Dynamic.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\f75ffd1a51b56e5171335277ca7d2ead\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\448b1912c09fe3be836533e1c04332ce\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\a8f34f6b7fc87869ea63c0a5a45e4106\System.Device.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8e8d0552f18365e5f57fe20cf3aebcbb\System.Data.DataSetExtensions.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\1f12624743789147c54a5c70b34e47b7\System.Configuration.Install.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4ce4ff836715d7e822200dd340ce8c32\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\15f169fe8bb8f4cf564093b812c46959\System.ComponentModel.Composition.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\285ebbd21d182235113a348c951afd12\System.AddIn.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\4a37977779bc648b11b8c333bfc1c2b8\System.Activities.DurableInstancing.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\7190f7e40c8095e13f45e40b1709671f\SMSvcHost.ni.exe
+ 2011-09-06 07:29 . 2011-09-06 07:29 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b028b6680f5a3b315320a5bf7b659518\SMDiagnostics.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a348b36756a7be813df69750717dd563\PresentationFramework.Luna.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9c37ac442a730e335146d5a82c52ed39\PresentationFramework.Royale.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7da6438d5b963b85283a2b793e60aadf\PresentationFramework.Classic.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a26d5665e589bdc7f46544a94cf49338\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\23c48b3a578d71fd90e8d8db8e7d6b37\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dcc2883f0bbf0909874059fe9768016b\CustomMarshalers.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\040e5a61efd4ae0c27356e477c646e01\WsatConfig.ni.exe
+ 2011-09-06 08:23 . 2011-09-06 08:23 328704 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\fb537223df584b45e3594c9c84bf79cb\WindowsFormsIntegration.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\be6bdac46858ce3210cb162f544cdde7\VistaBridgeLibrary.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 736256 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\d7c8fdd599347f33edb67a5b278be20b\VDialog.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\463829368316c67e9a75721e44567dc7\UIAutomationTypes.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\b47a88fc45c4d366a429bf9f40a9381e\UIAutomationProvider.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\9bc4dc33f6b765f412e135f1f1e0d008\UIAutomationClient.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\2af36f111077814b6258b1903f2fcc0a\TaskScheduler.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\0270ea0f1c45aaf4902d6a2d18559352\System.Xml.Linq.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\3b25b656829458a3ca42a2f64ec5fbcf\System.Web.Routing.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\98c9140dbea90b5206661473c381a2f5\System.Web.RegularExpressions.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b03174fb825aee6939d0f30ecacd53b1\System.Web.Entity.ni.dll
+ 2011-09-06 07:34 . 2011-09-06 07:34 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\1ec453ae05113ed1d5f50993cb673705\System.Web.Entity.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\10b32e4b3838a51e3c30b5b59fdca34c\System.Web.Entity.Design.ni.dll
+ 2011-09-06 07:34 . 2011-09-06 07:34 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\05ba4f0ad94a0032460a9f1c85c647fe\System.Web.Entity.Design.ni.dll
+ 2011-09-06 07:34 . 2011-09-06 07:34 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\3027d5033687998bdc7f38e4e14689a3\System.Web.DynamicData.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\11d50e94be3fb03d31d2c70aaa6edc7d\System.Web.DynamicData.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\126510504b0c4d084ed13efb82fc5a39\System.Web.Abstractions.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\3aacc625d1b2018da97ff55928dd5e2d\System.Transactions.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\86492365fc3624a56c9e3b726aaf8417\System.ServiceProcess.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\04e18cc20c17715a86ed6075a7e2df54\System.Security.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\3fa6dce362ae8c95594f1350b298a4a8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\b88180bfb540ab40d274eb00030c20f9\System.Net.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\1e6c4213cfc9848908277236218e4e78\System.Messaging.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\5866b88c8c46166e626c9d6d6c92d588\System.Management.Instrumentation.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\4e4059e410124c8af8d532de7ef71ced\System.IO.Log.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\b66aa3c6b103fa41daf495ccab69b6e9\System.IdentityModel.Selectors.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\3efbf2010da7efb492fe76187451e54c\System.EnterpriseServices.Wrapper.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\8c1c7690421cc23510050eead17add42\System.Drawing.Design.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\12235ca66cec08cbfb498972878f095e\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 493056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\ad2829386d82aa15decad245dab440c1\System.Data.Services.Design.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\6db4f9cfd5a00ca7581fad5b8da6c8c5\System.Data.DataSetExtensions.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\78c1c46c7d5a76af1443658c0ed6f146\System.Configuration.Install.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\d3b8dc3927db6b94b44de4c7d6937569\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\50f5c911847973bb003477e46e9daffe\System.AddIn.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\898614b58d7c6a6c49745085b25b5875\System.AddIn.Contract.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\d43cb93da538ee0f7511df2a32dc61c8\sysglobl.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\69d58e48c15ea6eea6626f923cd5becb\SMSvcHost.ni.exe
+ 2011-09-06 08:20 . 2011-09-06 08:20 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\3ee18a87503ce4ae56bda1e3d8c03382\SMDiagnostics.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\f96a357bfc3ac0854eaf2539b301dc62\ServiceModelReg.ni.exe
+ 2011-09-06 08:15 . 2011-09-06 08:15 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\9f11e87a94fdb43b77973d2af7445b6d\PresentationFramework.Aero.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\731842187f33cdaddb7af22854d7fe09\PresentationFramework.Luna.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\5c80a1aaa5863df3599e63d0d67c9a43\PresentationFramework.Classic.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\29ef938b45ad8b6b9ca6d81df987b08d\PresentationFramework.Royale.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\b22242c10295d5d1b824e7116cebdefb\napsnap.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 154624 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\20c8d4ec1d0e3e6d2deb901eeaaa11aa\napinit.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\3df3918b302488b6c9c4da64e2b87b3a\naphlpr.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\4e2cd843c4633d2070041e684f72ca84\napcrypt.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 388096 c:\windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\a28d8feebff51bf48bf3eba2b9a9eed4\MyDock.Util.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\5a9e16c0aca98c6c85c043982fbac4ea\MSBuild.ni.exe
+ 2011-09-06 08:21 . 2011-09-06 08:21 412160 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\297d654a0355680fb714e24126ef8785\MMCFxCommon.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\d29de08c4148776b1c3f128cda78a9e0\Microsoft.WSMan.Management.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\d1ed8d7fbb6c20e9ca43833cabff9d91\Microsoft.Vsa.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\18edee3db6091aeffdfa2eb54842b3f2\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f810b11d71591cc87b46449e74717fb6\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a029dcbcb446a97d0e8b5d7427d8b40b\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\9a8b945a0b68cb753b594e97dc949750\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6fd65be34e84ab5e4e917a0b6935f95c\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d3ce4a139b9fa6b54acaf3e992f60a09\Microsoft.MediaCenter.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\96a5b7e3f00983c1465512c4766b89ac\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 325120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\336d7be008503febe081bc102afd365f\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\af4ab12fd69bd806d04867970dcbdf60\Microsoft.ManagementConsole.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\62b246d6ab0eac48dba525eaaa33e97a\Microsoft.Build.Utilities.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\3c4b401306c25c958b461e0778cecff0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\c64966784b03f2866d3940e5d75c8b1c\Microsoft.Build.Framework.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 121344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\3b0290bcb98afac0c400befe5f491156\Microsoft.Build.Framework.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\6489fbe03268b4505db0fb11e32f1b4c\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\b530c90e934e0de478f10b4c31207056\Mcx2Dvcs.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 370688 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f9152935f3d6585109797095c6c1e8a6\mcupdate.ni.exe
+ 2011-09-06 08:21 . 2011-09-06 08:21 328704 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\542474d020d48bac37c0206e2053f53b\mcstoredb.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 891392 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\703d022616812fd8a405a316f937a1da\mcstore.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\4a998417651324d179ef42f47c62ca93\loadmxf.ni.exe
+ 2011-09-06 08:21 . 2011-09-06 08:21 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\ef7e8d94b6e3faf2189a6809b84b2fd8\EventViewer.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\1cef50250c301db2fd99d290fdf29b59\ehiWUapi.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\81069fb0ff96a8b62c43018d3cd4bca2\ehiwmp.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 139264 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\1179287992ee1ff9c7513a0f44c499ef\ehiUserXp.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\996bfb86ea5dc0e99c3bc4c5c5e20604\ehiReplay.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\fcda9e39f97eaee1bdf63e06da90b642\ehiExtens.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 369152 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ba6cd877c9fbfa2f03a306ff45d6f6d0\ehExtHost.ni.exe
+ 2011-09-06 08:21 . 2011-09-06 08:21 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\6737779d525367d493d7ccef8f6f4717\ehepgdat.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 311808 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\291d54931d51ae1cb43f776992bb9471\ehCIR.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\ef63b638457b3b36eb2d3292cc2d099b\CustomMarshalers.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\dc25abb0d9e4c8311307680733358913\ComSvcConfig.ni.exe
+ 2011-09-06 08:19 . 2011-09-06 08:19 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\72b2a25ac7957d35997b2f038459b83f\BDATunePIA.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\6d033c0fb394084aa70a1b25a811ad39\WsatConfig.ni.exe
+ 2011-09-06 08:16 . 2011-09-06 08:16 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\849fbe4b89c51ad0c942fe282018db36\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ebc4c875e396b266fc17a70fcb84d8e6\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c08736e5cc6976f6b773d2d3a007f5ea\WindowsLive.Writer.Interop.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b7b1bfc678a17c36a2e5a06f9c68ba61\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a97e3c7888044fa243826ef97a12ac35\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9dda37efc73fba28cafa43208b3b19f9\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8e1e1291ec4459171bfd2ff7cc821171\WindowsLive.Writer.Localization.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\876297826ff06b8c4b3c2a06c29b541e\WindowsLive.Writer.Passport.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6e1c489ee82750471b0d421c1883064b\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6c5e4e154fa90468732554368acabb0e\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6881422033fd5cd9f115fa087265b51d\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\421fa5919e19eb3446223b0e09373757\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\325d5012722f588b1111f154a2506323\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\24489f27906a1d3f1ed9e03e80bc0cdd\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2042b226070884439a2b779ede83d8c9\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a6f0abca145559ab4f72ffb0a4d449a\WindowsLive.Writer.Controls.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\ae8ea7bcced90181b764323171d1abf0\WindowsLive.Client.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6486e28542f70db47aa2092b245530f0\WindowsFormsIntegration.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\81eadc19aa44103dd2dc3ff1f636bbb4\UIAutomationTypes.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\81ebddbbf0a62587afc02ddb9c2bc7e2\UIAutomationClient.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\c32eba8cd92b52dcbffeb897a6b6813c\TaskScheduler.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\59ef15ccbe841d6b91b7e2696c1ac118\System.Xml.Linq.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\824ef94ecd977ebfe24c1628efeff4bb\System.Web.Routing.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\1b7796dae54a78c02cc7153884809dbd\System.Web.RegularExpressions.ni.dll
+ 2011-09-06 07:35 . 2011-09-06 07:35 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e9b5f5ff61d07a32d61f4f383dd1186\System.Web.Extensions.Design.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\3f5382395cad6081690a389e41d7837e\System.Web.Extensions.Design.ni.dll
+ 2011-09-06 07:35 . 2011-09-06 07:35 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bd2a5c8feb4335b79e2eb1a03ae3e19c\System.Web.Entity.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\92170e427e4fba5e97fbf70b80b83336\System.Web.Entity.ni.dll
+ 2011-09-06 07:35 . 2011-09-06 07:35 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\1e5b40d4dcadb84e31a51a7ef463e5e4\System.Web.Entity.Design.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\0382d8081f07b0df74d8e348f0b63ff1\System.Web.Entity.Design.ni.dll
+ 2011-09-06 07:35 . 2011-09-06 07:35 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ee04c4f6e3433e6527ee55a5b706eaf5\System.Web.DynamicData.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ae802a29c4bb90f50d68054c30f756db\System.Web.DynamicData.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1c845df66eb0af23a347fb9885de9a59\System.Web.Abstractions.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\97e516b3bab632bec4b612e410e1eb8c\System.Transactions.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\834074ae55ca3450c11eebe9c274abd3\System.ServiceProcess.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\cc4784e9840ec08af7a0ed8e0d93196c\System.Security.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d8407c9e46ba1174c92a6627514031d0\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\1d1eabb36f8e42757d04a6eefd7c5f73\System.Net.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\126067d01dea726ae85cc5597a9fdc5e\System.Messaging.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f82adbeef76c54cc126de8dde17f62b0\System.Management.Instrumentation.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e7f40af32139a445971be7e02f789911\System.IO.Log.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\6da6bdd0a0ee3a559c4ecaa5e0ede513\System.IdentityModel.Selectors.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\eced7229dee20612817f39d874fa9213\System.EnterpriseServices.Wrapper.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\eced7229dee20612817f39d874fa9213\System.EnterpriseServices.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\871d7a4639a4a747ad5e163abbce21e8\System.Drawing.Design.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\faa1045d2c6654cc559b1969bc8a8a04\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1767df349a7c247bb8464a0ff661aa2d\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d0b2a825f6572c6720bd51bd6c4d8b87\System.Data.Services.Design.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 938496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\000ef869594ccf49a906d5a1cedb1df8\System.Data.Services.Client.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 756224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\629a12f5384869938086c7ef08600ea0\System.Data.Entity.Design.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\92beca051eddd5faa456b821afb56d10\System.Data.DataSetExtensions.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b4502792407e66fbbaf3967d852142df\System.Configuration.Install.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\57a9ec93159fad0f2b53851ee9813df0\System.AddIn.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\f31cc712a8d6a66715012369a7255763\sysglobl.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\81f3700dce6c300f6d5532e946cacad3\SMSvcHost.ni.exe
+ 2011-09-06 08:17 . 2011-09-06 08:17 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\26f553b1b10f3b0a42613a71f0266e52\SMDiagnostics.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\9dd6f73b206752c18ffffd51a551492b\ServiceModelReg.ni.exe
+ 2011-09-06 08:10 . 2011-09-06 08:10 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fd52c24b4bece42ae558c196b7a6d9e0\PresentationFramework.Luna.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\73eb7512f4d1ab1f81a5296bfe094a3b\PresentationFramework.Royale.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6b32ef69204f9725707eb8a8d358fee6\PresentationFramework.Classic.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\19567fed292e63e5f621a3d51a928a50\PresentationFramework.Aero.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 725504 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\8970c6eb8ee045fd38c3a4bba40fd6a1\napsnap.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\b0cc90e1e20211255e00abb6f4615696\napinit.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\003641353a25527c869f416f74372da2\naphlpr.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\b2f89b48d7497364c5784c7cdffeb1fd\MSBuild.ni.exe
+ 2011-09-06 08:17 . 2011-09-06 08:17 283648 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\07b42ecc4105f89a548d92cdd93ac359\MMCFxCommon.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\9ad9a5cc6c50cb078e9a992986595ba6\Microsoft.WSMan.Management.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b52b0437a1d9de716c21551d9b0f751d\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e5501fff149c20e24f8f377f3a40852a\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ce946577a874219c9122e162a30f6530\Microsoft.PowerShell.Security.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2d20dee37663f304bc060d5646d4a95c\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0f61016457ed109177a2402b037aad5f\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\08e5d292580ca81f41fbc05d54e57572\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 592896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\68b5b58e8831beed7aeaf6ae6299573f\Microsoft.MediaCenter.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 550912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ba72e8da72caf531bfec2d263abc0c7e\Microsoft.ManagementConsole.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c2de7be660c8cc4379196e6100e6bb5e\Microsoft.Build.Utilities.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\414a305916085c7ba28cba516206e438\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\825eaf3bbc89d8650c82f512f070cb0f\Microsoft.Build.Engine.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7a470454fe27f9c11fa5270101d25400\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\b711cfd6efbce7cac49df10177f66e9a\EventViewer.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\716bdad41b9ed3cbb03c1316eb6e2984\ehiExtens.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 242688 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\0ed79d03ab071958c4c4d47f3016f705\ehExtHost32.ni.exe
+ 2011-09-06 08:17 . 2011-09-06 08:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a8997855c244e5098b2c099411add3e1\CustomMarshalers.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\cb9ef2a655a8cb4fa1558fd74adc6a87\ComSvcConfig.ni.exe
+ 2011-09-06 07:22 . 2009-10-12 21:55 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2011-09-06 12:45 . 2011-03-03 15:06 100352 c:\windows\AppPatch\AppPatch64\acspecfc.dll
- 2010-06-28 04:20 . 2010-04-16 16:35 100352 c:\windows\AppPatch\AppPatch64\acspecfc.dll
- 2010-06-28 04:20 . 2010-04-16 16:35 331776 c:\windows\AppPatch\AppPatch64\AcLayers.dll
+ 2011-09-06 12:45 . 2011-03-03 15:06 331776 c:\windows\AppPatch\AppPatch64\AcLayers.dll
- 2010-06-28 04:20 . 2010-04-16 16:35 281600 c:\windows\AppPatch\AppPatch64\AcGenral.dll
+ 2011-09-06 12:45 . 2011-03-03 15:06 281600 c:\windows\AppPatch\AppPatch64\AcGenral.dll
- 2010-06-28 04:20 . 2010-04-16 16:05 173056 c:\windows\AppPatch\AcXtrnal.dll
+ 2011-09-06 12:45 . 2011-03-03 14:56 173056 c:\windows\AppPatch\AcXtrnal.dll
- 2010-06-28 04:20 . 2010-04-16 16:05 459776 c:\windows\AppPatch\AcSpecfc.dll
+ 2011-09-06 12:45 . 2011-03-03 14:56 459776 c:\windows\AppPatch\AcSpecfc.dll
- 2010-06-28 04:20 . 2010-04-16 16:05 541696 c:\windows\AppPatch\AcLayers.dll
+ 2011-09-06 12:45 . 2011-03-03 14:56 541696 c:\windows\AppPatch\AcLayers.dll
+ 2011-09-06 07:22 . 2009-10-09 21:56 1181696 c:\windows\SysWOW64\WsmSvc.dll
+ 2011-09-06 04:41 . 2010-09-10 16:37 8147456 c:\windows\SysWOW64\wmploc.DLL
- 2009-11-22 05:13 . 2009-09-10 15:21 8147456 c:\windows\SysWOW64\wmploc.DLL
+ 2011-09-06 05:15 . 2011-05-28 06:08 1211904 c:\windows\SysWOW64\urlmon.dll
+ 2011-09-06 04:40 . 2010-12-17 16:43 2067456 c:\windows\SysWOW64\mstscax.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 5964800 c:\windows\SysWOW64\mshtml.dll
+ 2011-09-06 04:15 . 2011-03-10 16:12 1161728 c:\windows\SysWOW64\mfc42u.dll
+ 2011-09-06 04:15 . 2011-03-10 16:12 1136640 c:\windows\SysWOW64\mfc42.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 1991680 c:\windows\SysWOW64\iertutil.dll
+ 2008-01-21 03:20 . 2011-09-07 03:16 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-05 01:14 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-06 07:22 . 2009-10-09 21:36 2050048 c:\windows\system32\WsmSvc.dll
+ 2011-09-06 04:41 . 2010-09-10 15:52 8147968 c:\windows\system32\wmploc.DLL
- 2009-11-22 05:12 . 2009-09-10 15:48 8147968 c:\windows\system32\wmploc.DLL
+ 2011-09-06 04:40 . 2011-02-27 15:53 1062800 c:\windows\system32\winload.exe
- 2010-09-01 23:21 . 2010-06-26 06:30 1147904 c:\windows\system32\wininet.dll
+ 2011-09-06 05:15 . 2011-05-28 06:28 1147904 c:\windows\system32\wininet.dll
+ 2011-09-06 05:15 . 2011-05-28 06:27 1488384 c:\windows\system32\urlmon.dll
+ 2011-09-06 04:15 . 2010-12-14 16:20 1251840 c:\windows\system32\sdclt.exe
+ 2011-09-06 04:40 . 2010-12-17 17:12 2424320 c:\windows\system32\mstscax.dll
- 2010-09-01 23:21 . 2010-06-26 06:27 1062912 c:\windows\system32\mstime.dll
+ 2011-09-06 05:15 . 2011-05-28 06:25 1062912 c:\windows\system32\mstime.dll
+ 2011-09-06 05:15 . 2011-05-28 06:24 9272320 c:\windows\system32\mshtml.dll
+ 2011-09-06 04:15 . 2011-03-10 16:30 1360384 c:\windows\system32\mfc42u.dll
+ 2011-09-06 04:15 . 2011-03-10 16:30 1398784 c:\windows\system32\mfc42.dll
- 2009-04-21 23:54 . 2009-02-13 08:57 1208832 c:\windows\system32\kernel32.dll
+ 2011-09-06 04:48 . 2011-04-12 15:14 1208832 c:\windows\system32\kernel32.dll
+ 2011-09-06 05:15 . 2011-05-28 06:23 2339840 c:\windows\system32\iertutil.dll
+ 2011-09-06 04:40 . 2011-02-27 15:53 1062800 c:\windows\system32\Boot\winload.exe
- 2006-11-02 15:22 . 2010-08-20 01:30 2866045 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 15:22 . 2011-09-06 08:06 2866045 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2011-04-12 19:11 . 2011-04-12 19:11 5028200 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2011-03-23 02:01 . 2011-03-23 02:01 3510600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 4967248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
- 2010-03-18 18:27 . 2010-03-18 18:27 1453392 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 1453392 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 1513816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 1525064 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
+ 2011-04-13 02:16 . 2011-04-13 02:16 9800008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- 2009-08-08 15:56 . 2008-07-27 18:01 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2011-09-06 07:35 . 2011-03-29 10:55 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2010-06-28 04:15 . 2010-03-29 12:04 5251072 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2011-09-06 07:04 . 2010-09-23 13:33 5251072 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2011-09-06 07:02 . 2011-01-19 10:50 3182592 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2010-06-28 04:15 . 2010-03-29 12:04 3182592 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 9992528 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- 2010-08-19 21:35 . 2010-05-19 11:36 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 1576784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 1755480 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-03-23 02:01 . 2011-03-23 02:01 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 1142104 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-09-06 07:35 . 2011-03-29 10:55 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2009-08-08 15:56 . 2008-07-27 18:03 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-09-06 07:04 . 2010-09-23 13:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-06-28 04:15 . 2010-03-29 11:57 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-09-06 07:02 . 2011-01-19 10:48 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-06-28 04:15 . 2010-03-29 11:57 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 5924176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-08-19 21:35 . 2010-05-19 11:38 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2010-06-28 04:11 . 2010-06-28 04:11 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-06-28 04:10 . 2010-06-28 04:10 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-06 07:16 . 2011-09-06 07:16 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2010-06-28 04:08 . 2010-06-28 04:08 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-28 04:09 . 2010-06-28 04:09 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-06 07:15 . 2011-09-06 07:15 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2010-06-28 04:08 . 2010-06-28 04:08 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\11df4b8.msp
+ 2010-08-13 22:02 . 2010-08-13 22:02 2545664 c:\windows\Installer\11df4a4.msp
+ 2010-09-24 01:13 . 2010-09-24 01:13 1484800 c:\windows\Installer\11df49b.msp
+ 2010-11-24 14:51 . 2010-11-24 14:51 2190336 c:\windows\Installer\11df493.msp
+ 2011-04-29 16:33 . 2011-04-29 16:33 8173568 c:\windows\Installer\11df482.msp
+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\11df472.msp
+ 2011-03-25 13:16 . 2011-03-25 13:16 5135872 c:\windows\Installer\11df454.msp
+ 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\11df44b.msp
+ 2011-04-29 16:30 . 2011-04-29 16:30 1197056 c:\windows\Installer\11df42a.msp
+ 2008-12-30 09:49 . 2011-09-06 07:27 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-12-30 09:49 . 2010-08-19 21:49 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-12-30 09:49 . 2010-08-19 21:49 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2008-12-30 09:49 . 2011-09-06 07:27 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2011-09-07 13:27 . 2011-09-07 13:27 6746112 c:\windows\ERDNT\AutoBackup\07-09-2011\Users\00000002\UsrClass.dat
+ 2011-09-07 13:27 . 2011-09-07 13:27 2936832 c:\windows\ERDNT\AutoBackup\07-09-2011\Users\00000001\ntuser.dat
+ 2011-09-07 02:18 . 2011-09-07 02:18 6746112 c:\windows\ERDNT\06-09-2011\Users\00000002\UsrClass.dat
+ 2011-09-07 02:18 . 2011-09-07 02:18 2936832 c:\windows\ERDNT\06-09-2011\Users\00000001\ntuser.dat
+ 2011-09-06 07:20 . 2011-09-06 07:20 5176320 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\b85182fc8cb6b68aa8d5895b2dcf50fb\WindowsBase.ni.dll
+ 2011-09-06 07:28 . 2011-09-06 07:28 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\fc0f6caeac4b62e4453a981e8dd9e992\UIAutomationClientsideProviders.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 7038976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\40018241d849ad878f76dcbb22d5fc12\System.Xml.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 2447360 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3cb1b81e1d90af2a7cc6bd2d4e41fd9e\System.Xaml.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 5627392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\9d393c8287d436c1ea11ef2ca2a755ac\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 2222592 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\ed8b807859c169bbb7543c43baa3c46f\System.Web.Services.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 2733568 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\a129d574137f4829ef3a6eacee64094d\System.Speech.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 1904640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8db9c29aee38fc9934549ad6bf59f0d3\System.ServiceModel.Activities.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 1561600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\0e6ba2c11ddf0405b6c7066a345f7f15\System.ServiceModel.Discovery.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 3404288 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\11a7b044d8ed163b690a74486484e08f\System.Runtime.Serialization.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 1346560 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\abf0cf0b488e39c97d961cd40978e514\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 1422336 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\cbff165d2eee7f23b284f6830fd267c2\System.Printing.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2b81b61ad1b36207e49962f22658d6ef\System.Management.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\f192d95372b472643187607ef7a55117\System.IdentityModel.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 1096704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\c22b41c9c0a31a087d16689ac0889607\System.EnterpriseServices.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0d248e7219f87d2a3853f8a1d425965a\System.Drawing.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 1622016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\49467224883b56bb7f006c307dbfeb65\System.DirectoryServices.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\2637c192d310b158dd6d00dbfe8a49f0\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 2400256 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\991208daf29872f43e6684f5c6f100e3\System.Deployment.ni.dll
+ 2011-09-06 07:23 . 2011-09-06 07:23 8580608 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\e4bc4fb58d9830daa0b8e7e031d3e2ae\System.Data.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\80c2fb68f224322ea14229a75dd4975c\System.Data.SqlXml.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 1791488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\8539eeead63ef32bd938a66589c0816b\System.Data.Services.Client.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 3380736 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\36b03e7d976b707f3c8eef3fbe0e469a\System.Data.Linq.ni.dll
+ 2011-09-06 07:19 . 2011-09-06 07:19 1255424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\e06823dc3b60e2b55981f6d74ee9d9e1\System.Configuration.ni.dll
+ 2011-09-06 07:25 . 2011-09-06 07:25 1002496 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\a2ed1733acb5793b7f6e00d706e7ae1f\System.ComponentModel.Composition.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 5680640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\803b90bb06cdd2834f5be8aa194c8bb5\System.Activities.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 4887040 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\e2d47e53e4ca392fa98d5e23e69827a8\System.Activities.Presentation.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 2005504 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\2273e9b1f9f04cf906d31ab17f24c279\System.Activities.Core.Presentation.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 4127232 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\65847157601a8f77b6e9415eb38d2192\ReachFramework.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 2032128 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\3275a80a6a180597640f877b30a44395\PresentationUI.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\d719ea7ff4729771fd367b5da217e474\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\7ef1766458667383b1bff25baac617c4\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 2314752 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\744d38da96091b44ff26a966425f247d\Microsoft.VisualBasic.ni.dll
+ 2011-09-06 07:20 . 2011-09-06 07:20 1510400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\bcace9b4169e7ec28c0c73ed55df0639\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 3312128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4351bfa190b7948085e361e0447a9eb8\Microsoft.JScript.ni.dll
+ 2011-09-06 07:19 . 2011-09-06 07:19 2009088 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\882e595affe5d439ca4bb68d671f8fb9\Microsoft.CSharp.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\2b22ef03091f893f5b381514149a472b\UIAutomationClientsideProviders.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 9085440 c:\windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\19f85a4f6faaeb87a9055ccf23a9f8b7\System.Xaml.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\de9ec945d6cdd90010c824320e8bc332\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\3e5c07211446b947b1ecb6963946320a\System.Web.Services.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\11a89b103320d603c0bfa48179c3fe1d\System.Speech.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e492bb75168cc53d57c2dd5e32e9911c\System.ServiceModel.Activities.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b66a8b2c0b8c12540831b41c92bede12\System.ServiceModel.Discovery.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ce480f313eb8be9a3a4dd6d7902325\System.Runtime.Serialization.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\b9f7f5b0b28dd57cb5400c437c388545\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\39c3d706f0fbc21443c7747f203b0b34\System.Printing.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\76d7e84f5dca7908b45edba58bd12f48\System.Management.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\02c1363d5beb2ae5c5722bc8f6c5b77a\System.IdentityModel.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\66c88143bc4b9f4a744b6d65e2c3629a\System.DirectoryServices.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\03ca38b342903b50623336b29aa507c9\System.Deployment.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6e6f321459aa81611031cfb582e77cc6\System.Data.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\dcdaf1644fb3aabdbea894f05d55e1ba\System.Data.SqlXml.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\0e629bbc4ccd76e072189ccbc9d7903f\System.Data.Services.Client.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\b11b842599889fe730da493d0c5e1857\System.Data.Linq.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\4d3a20f0598b5da0ebf9e505b51886b9\System.Activities.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\e4566f552e3bda84571e04a7e5d1c41f\System.Activities.Presentation.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\236373716dcb48f5687dd6997559a425\System.Activities.Core.Presentation.ni.dll
+ 2011-09-06 07:30 . 2011-09-06 07:30 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\48530a5ad6ec27254cde667e02d3f198\ReachFramework.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\5dcab8576a5e02d7264bfeed28ce69b9\PresentationUI.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1136128 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8c36043a5faedc93716717fc5bcdb05\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b4879bc20d7a718dcb51f0419721e5e5\Microsoft.VisualBasic.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\aff7d215dd130cd94c54784c2df60e95\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-06 07:29 . 2011-09-06 07:29 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\156733cb276aff562e0c39d8b4fde1c6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2f83c7b63b1443a26f40b9f66bec3e2a\Microsoft.JScript.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\fcccb5e4d4bd338c678efcfa2b3e1058\Microsoft.CSharp.ni.dll
+ 2011-09-06 08:14 . 2011-09-06 08:14 4890624 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\b4bbbb449db2a3f6378e512ae7bbc940\WindowsBase.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 1461760 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\a80c84433180f7a865656d09ff356db3\UIAutomationClientsideProviders.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 6948352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\3a74964410e965cb2f3c796d303bec98\System.Xml.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\7e0d32278eabfb8e1b629a6a396d6620\System.WorkflowServices.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 2701312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\525e3e41630ff1e5d6e85fbd23854619\System.Workflow.Runtime.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 5955584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\3ebc119bcfbf5eda00141a04f37782c0\System.Workflow.ComponentModel.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 3892736 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f9880f45e73a1f2607b8d870d2ff7392\System.Workflow.Activities.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\57ac9ca5cf6221ce4e540f8de753db80\System.Web.Services.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\ee6dd1910bca151936dfdf557a0014ee\System.Web.Mobile.ni.dll
+ 2011-09-06 07:35 . 2011-09-06 07:35 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\b884356c1849408eb25c11b683d37b82\System.Web.Extensions.Design.ni.dll
+ 2011-09-06 07:34 . 2011-09-06 07:34 3045888 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\98341c709ad9884c25d5355dc84b3aa1\System.Web.Extensions.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\765e53baf2adf488e3940f2c43a5cf88\System.Web.Extensions.Design.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 3045888 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\67ba7c627a53a1973490e7a7c465d578\System.Web.Extensions.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\0c3951d2696a21d02739fadede0d3e67\System.Speech.ni.dll
+ 2011-09-06 07:34 . 2011-09-06 07:34 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\26e7a66225f6fc516c72477f88e55e64\System.ServiceModel.Web.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 2240000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\0ad6a1d52d3d84b7d7783c389e9901a9\System.ServiceModel.Web.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 3071488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\4262d15f6e3b22ccca77f79cccaf0141\System.Runtime.Serialization.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\41ff78b57ddae25d9cbef6ac0fd86f4e\System.Runtime.Remoting.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\15398c07612f4155f99a78d5961fbdba\System.Printing.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 1408512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\2beea553d37a7272a0ba79105d3e9918\System.Management.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 1429504 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\295a01907ec8857f4e78c7f4d96405a1\System.IdentityModel.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\3efbf2010da7efb492fe76187451e54c\System.EnterpriseServices.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 2313216 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\39b107c9e90b3451bb022ec227987912\System.Drawing.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 1639424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\cd39ab4decd30e214d7c138dd95abd75\System.DirectoryServices.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\c1883f7edd5dc140c76ba9a1536ff07c\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\73129d19c4d0be3b4af1dc39b793f8b6\System.Deployment.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 8609280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\e9e57c18e6e75890632c748fa8609a94\System.Data.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\55ebf8d23fcf6a7c9ea564391d94041e\System.Data.SqlXml.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\466206308ac9de08ae6c2007e6bfce7c\System.Data.Services.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 1276928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\c436cc83d0dea63e22d039af1d13ff1f\System.Data.Services.Client.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 1505792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\1e4ce024bcaaa1be35e3ff3f3143bfe7\System.Data.OracleClient.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\840ce703469912262400642e7592afd3\System.Data.Linq.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\42a69d978c728e036ba2489ed7332cbb\System.Data.Entity.Design.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\c050eb67aab2d4af79881c3399c51ec5\System.Core.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ee8fa0d0e1d74a5f0fde2417d33ac120\System.Configuration.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 3081216 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\63c6eb42d791c8f723b9055b87d49da5\ReachFramework.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\e484f63746c350986a7d05e4e71f819e\PresentationUI.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\a3699368626e41a4576afeba65e125b1\PresentationBuildTasks.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\867a4b250c7c3c3efbb1dedf4a93d210\Narrator.ni.exe
+ 2011-09-06 08:22 . 2011-09-06 08:22 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\5bca0cfd7a281026629737a9c88978ed\MMCEx.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 7833088 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\cb5c654f49df976c2bfa5075b02b76ea\MIGUIControls.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\9c11ca78981a3007d9ba8cce6af89974\Microsoft.VisualBasic.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\ba1673ef268513354da6eb3c43d82407\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 2101760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f25aa47cc00c7bc7489d4a71f1c632e2\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 1082368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\c1ee5356fc5c819b3877d7009e193b02\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b878ae732865dfbf250213acba73b106\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-09-06 08:14 . 2011-09-06 08:14 5347328 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\847cc2cb1218a2defbb2d08adff50279\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 7721984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\dc3e69fd9e6987e7ca2fafc7ecc7a2c7\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\f959f40589000286b00b81ffacd1e162\Microsoft.JScript.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\ed3ffe552fa0f3dc3d90fabaa63519cb\Microsoft.Ink.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\c0c287bf73c46bb6313e350c11ff708c\Microsoft.Build.Tasks.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 2576384 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4350cfdd5cbe946ccf5f40d562c17b08\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-06 08:22 . 2011-09-06 08:22 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\d1a618dafb144dbacde472cf2450946a\Microsoft.Build.Engine.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\4a63f76274ce4f0be33faf453f35f0fc\Microsoft.Build.Engine.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\704d947f2db681cb1c6488c26cbe2dbe\ehRecObj.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 1984000 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\d49bf94b514a01ffa70b89dc739e54f5\ehiVidCtl.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 2885632 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\606c0923e8695c6aa7413eea3e4d610c\ehiProxy.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\d1a53debf30edf98bbbe50c270c25e84\ehiPlay.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\85cd05db927862fe24154e051487c1d3\ehepg.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 3288064 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\5ec12928ddd9ce0ac9f046036ad2ef49\DellDock.ni.exe
+ 2011-09-06 08:16 . 2011-09-06 08:16 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b5d58ad8ac860a61ded7388dc1b242f1\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5e4b15704ec8d5d3152868ba3e32bc04\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3cbf6b48df4e8a904f46d90697ba465b\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5e5d55f6c78559ec0497dadf9227291b\WindowsBase.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 1050112 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ac3d65e8b2856c78caed6431ebe85f0f\UIAutomationClientsideProviders.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 5451264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c6d6df55e107cb51bf089ad7a934c221\System.WorkflowServices.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d1d2ae7cd66732e859fe12adf51c36d7\System.Workflow.Runtime.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\3a10fdd2cac2daa21d38f79c36286a07\System.Workflow.ComponentModel.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\810094a9fd24babda51603388e5c0550\System.Workflow.Activities.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51bdab63dd9dbcddbfef9c82bffdbd59\System.Web.Services.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\8869b5b476fce5d2698b6b746c5268f3\System.Web.Mobile.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1fa9ef3f86ade7fb50da0a6eb0d3703\System.Web.Extensions.ni.dll
+ 2011-09-06 07:35 . 2011-09-06 07:35 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\43bf3e0a790bcd31e88f4c22dbc3ec64\System.Web.Extensions.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\a75a545ea47360dc84b3669e06e7e7c7\System.Speech.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 1651712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\98fbf68c55cdca1c734aeb6977d2c6c1\System.ServiceModel.Web.ni.dll
+ 2011-09-06 07:35 . 2011-09-06 07:35 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\275b7e3e1c1898b4abaf39071a15ad97\System.ServiceModel.Web.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\11f44ab1ea46b39bf9784e2c42e7d453\System.Runtime.Serialization.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\2a3e8f0617a8717993431cc89d8d1c43\System.Printing.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\1bbc1a46bf403700d64419f7541aa349\System.Management.Automation.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 1070592 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b0c1577e3f26f6964137e97ddeafd065\System.IdentityModel.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2065a074b766d0ad69e7e99930fa3c16\System.DirectoryServices.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\d6c9d69c7bc0026e24dfc0480d9bf126\System.Deployment.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\44da3853aa13e56f38eac7480fffd48e\System.Data.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d0b06d668faa1896db4e73757ddff57e\System.Data.SqlXml.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\806fbd8d86e3ebe215a24ec5e2cce307\System.Data.Services.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f1c7b0f6102ae985d4462223c0942ac4\System.Data.OracleClient.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\5a932820beacb9e3b00fc6cfac7ec910\System.Data.Linq.ni.dll
+ 2011-09-06 08:18 . 2011-09-06 08:18 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\4821760f1abc559bca590aa14748fe19\System.Data.Entity.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c7ffc3517a1afc1ca49337543e4ceaff\System.Core.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 2129920 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\85c971a77044326570c1764fdc5492b2\ReachFramework.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\8e127a4b7f00be35d7d69379bafeb1a7\PresentationUI.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1be9b6ab476e090ecb6728dcd9273cf9\PresentationBuildTasks.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 2539008 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\a7477ec4b9d49bd01dcea7e206a702f5\Narrator.ni.exe
+ 2011-09-06 08:17 . 2011-09-06 08:17 1535488 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\edeaba1306d2ad8c463f67fc6d285e95\MMCEx.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 6339584 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\c589e7bf21d2e2d643e601d3fc6fc461\MIGUIControls.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a3ba68e5c233fbd30a1e3458165d6a4f\Microsoft.VisualBasic.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 1093632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\790f80c3eb42ef978b890834e2830cea\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 3721728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb2033ab2cf43d3695bbd409276f8603\Microsoft.PowerShell.Editor.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e5b79f1fd42b109e1dd6c0a916338d4a\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0f435cd585115a3ee22ba1ead60b6f39\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\00007f104db7671c4cbe095659dadcb0\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 2335232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b2cb627ddde43c25710bb19e536b67db\Microsoft.JScript.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 1355776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\b941f8965ccf0ad5b078583f976f9c3d\Microsoft.Ink.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4bc5b6825b19e62b95b733d0cc4f7c60\Microsoft.Build.Tasks.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2277ce1905e00cc831688782084dc198\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-06 08:16 . 2011-09-06 08:16 1778688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6ce58ea06d2616b25b633d2b9fec3c00\Microsoft.Build.Engine.ni.dll
- 2010-06-28 04:15 . 2010-03-29 11:57 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-06 07:02 . 2011-01-19 10:48 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-08 15:56 . 2008-07-27 18:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-09-06 07:35 . 2011-03-29 10:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-08-08 16:23 . 2009-08-08 16:23 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-09-06 07:22 . 2009-10-09 21:39 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2011-09-06 07:04 . 2010-09-23 13:33 5251072 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-28 04:15 . 2010-03-29 12:04 5251072 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-19 21:35 . 2010-05-19 11:36 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-06-28 04:15 . 2010-03-29 11:57 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-09-06 07:04 . 2010-09-23 13:32 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-19 21:35 . 2010-05-19 11:38 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-06 07:35 . 2011-03-29 10:54 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-06-28 04:20 . 2010-04-16 16:05 2153984 c:\windows\AppPatch\AcGenral.dll
+ 2011-09-06 12:45 . 2011-03-03 14:56 2153984 c:\windows\AppPatch\AcGenral.dll
+ 2011-09-06 04:41 . 2010-09-10 18:18 10624512 c:\windows\SysWOW64\wmp.dll
+ 2011-09-06 04:41 . 2011-01-21 15:46 11582464 c:\windows\SysWOW64\shell32.dll
+ 2011-09-06 05:15 . 2011-05-28 06:04 11081728 c:\windows\SysWOW64\ieframe.dll
+ 2011-09-06 04:41 . 2010-09-10 17:30 13425152 c:\windows\system32\wmp.dll
+ 2006-11-02 12:33 . 2011-09-07 07:16 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2010-09-17 00:45 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2010-08-10 02:53 . 2010-07-26 15:31 12898304 c:\windows\system32\shell32.dll
+ 2011-09-06 04:41 . 2011-01-21 15:56 12898304 c:\windows\system32\shell32.dll
+ 2006-11-02 12:35 . 2011-07-30 14:40 54065608 c:\windows\system32\mrt.exe
+ 2011-09-06 05:15 . 2011-05-28 06:23 12477440 c:\windows\system32\ieframe.dll
+ 2011-09-06 07:34 . 2011-09-06 07:34 20333056 c:\windows\Installer\11df4b0.msp
+ 2011-04-13 15:48 . 2011-04-13 15:48 35326464 c:\windows\Installer\11df46a.msp
+ 2011-09-07 02:18 . 2011-09-07 02:18 10903552 c:\windows\ERDNT\06-09-2011\schema.dat
+ 2011-09-06 07:17 . 2011-09-06 07:17 11872768 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a99116941c69e4c693518d57b8c2a861\System.ni.dll
+ 2011-09-06 07:24 . 2011-09-06 07:24 17288192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\ddee14aa45752907499bd27e0d8915b4\System.Windows.Forms.ni.dll
+ 2011-09-06 07:27 . 2011-09-06 07:27 24483840 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\2dbeb0d8155771a760efb0a97f139666\System.ServiceModel.ni.dll
+ 2011-09-06 07:26 . 2011-09-06 07:26 18434048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\5a3b90fdffe37b03bb5046c34c7ee8e3\System.Data.Entity.ni.dll
+ 2011-09-06 07:19 . 2011-09-06 07:19 10422272 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\4b36fd10cf0f43bf947b63e4cc7f0ba5\System.Core.ni.dll
+ 2011-09-06 07:22 . 2011-09-06 07:22 23242240 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\7c15f0bf45ad9ac59ffb5e225ca82f82\PresentationFramework.ni.dll
+ 2011-09-06 07:21 . 2011-09-06 07:21 15102976 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\5977bc366d13d0891536acdbdea28c67\PresentationCore.ni.dll
+ 2011-09-06 07:17 . 2011-09-06 07:17 19352064 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\086515902736035517c63126be04a3f4\mscorlib.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
+ 2011-09-06 07:32 . 2011-09-06 07:32 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dc31b22f78cb510bf470f0ab5ef65816\System.ServiceModel.ni.dll
+ 2011-09-06 07:31 . 2011-09-06 07:31 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\978e8514751373383f79c3fdd667aa2b\System.Data.Entity.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
+ 2011-09-06 07:18 . 2011-09-06 07:18 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
+ 2011-09-06 07:17 . 2011-09-06 07:17 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 10597376 c:\windows\assembly\NativeImages_v2.0.50727_64\System\29ddd0c46d1eae39a7e27df15055c696\System.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 17377792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\ad3a9684338d4fce79f00da9d7be09f2\System.Windows.Forms.ni.dll
+ 2011-09-06 08:12 . 2011-09-06 08:12 15221248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\545a9d68cc16d0c3b7747535faf4ac20\System.Web.ni.dll
+ 2011-09-06 08:20 . 2011-09-06 08:20 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\dca2760ab518fd91d4aa68080d236a7e\System.ServiceModel.ni.dll
+ 2011-09-06 08:11 . 2011-09-06 08:11 11255808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\a3bfadda935e777e6414fb9668e3fffb\System.Management.Automation.ni.dll
+ 2011-09-06 08:13 . 2011-09-06 08:13 13718016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\a7b9f8dbf729fe63754ef5f931fc50e4\System.Design.ni.dll
+ 2011-09-06 08:23 . 2011-09-06 08:23 13759488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\e086ada0b4c29e467acba00a966b90df\System.Data.Entity.ni.dll
+ 2011-09-06 08:15 . 2011-09-06 08:15 19175424 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b3877c6a98700b12526606cb69fc194b\PresentationFramework.ni.dll
+ 2011-09-06 08:14 . 2011-09-06 08:14 16513024 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0f823c404f164eedce2940430226b58e\PresentationCore.ni.dll
+ 2011-09-06 08:10 . 2011-09-06 08:10 15569408 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\47b0492d194b5fa253ca5545b431946b\mscorlib.ni.dll
+ 2011-09-06 08:19 . 2011-09-06 08:19 22170624 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\b82efc3def760e60522693fa9b6dc99a\MenuSkinning.ni.dll
+ 2011-09-06 08:21 . 2011-09-06 08:21 15827968 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\f465d2f262c833ac6825f51d7d170a76\ehshell.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 12432896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll
+ 2011-09-06 08:17 . 2011-09-06 08:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1ffff32b2ec2e8e2d2a88104ae4748d6\System.ServiceModel.ni.dll
+ 2011-09-06 08:08 . 2011-09-06 08:08 10685952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ab5acaad38948b7735e0b4ca029e9a\System.Design.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e76687b391c0306e62f4b5d75ada1c7b\PresentationFramework.ni.dll
+ 2011-09-06 08:09 . 2011-09-06 08:09 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\fb2c19218882b1abff1153a58bbca023\PresentationCore.ni.dll
+ 2011-09-06 08:07 . 2011-09-06 08:07 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 41984]
"ooVoo.exe"="c:\program files (x86)\oovoo\oovoo.exe" [2010-08-12 19084472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask .exe -atboottime" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2008-08-04 18968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"KiweeHook"="c:\program files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe" [2009-11-25 56544]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
Epson all-in-one Registration.lnk - e:\common\EpsonReg\Epkick.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Whitesmoke Translator.lnk - c:\program files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe [2010-11-24 2064384]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dstfixx]
dstfixx.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-09-05 23:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe [2010-01-19 20480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9b01157632de0;Google Update Service (gupdate1c9b01157632de0);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-29 133104]
R3 bpwwpspm;bpwwpspm;c:\windows\System32\Drivers\bpwwpspm.sys [x]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2008-07-07 124184]
R3 esrdodgm;esrdodgm;c:\windows\System32\Drivers\esrdodgm.sys [x]
R3 esubhhhn;esubhhhn;c:\windows\System32\Drivers\esubhhhn.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gtrliyng;gtrliyng;c:\windows\System32\Drivers\gtrliyng.sys [x]
R3 hnusocwb;hnusocwb;c:\windows\System32\Drivers\hnusocwb.sys [x]
R3 jmudbzww;jmudbzww;c:\windows\System32\Drivers\jmudbzww.sys [x]
R3 ljxsebzq;ljxsebzq;c:\windows\System32\Drivers\ljxsebzq.sys [x]
R3 lmeiguoy;lmeiguoy;c:\windows\System32\Drivers\lmeiguoy.sys [x]
R3 lsaugzuq;lsaugzuq;c:\windows\System32\Drivers\lsaugzuq.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mkinavtr;mkinavtr;c:\windows\System32\Drivers\mkinavtr.sys [x]
R3 mzlhxlmd;mzlhxlmd;c:\windows\System32\Drivers\mzlhxlmd.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 qotfeljy;qotfeljy;c:\windows\System32\Drivers\qotfeljy.sys [x]
R3 rfbwejns;rfbwejns;c:\windows\System32\Drivers\rfbwejns.sys [x]
R3 sbbcsksk;sbbcsksk;c:\windows\System32\Drivers\sbbcsksk.sys [x]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-09-22 585136]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-10-03 854280]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 xsvstfhi;xsvstfhi;c:\windows\System32\Drivers\xsvstfhi.sys [x]
R3 yiyktxyt;yiyktxyt;c:\windows\System32\Drivers\yiyktxyt.sys [x]
R3 zlzybacx;zlzybacx;c:\windows\System32\Drivers\zlzybacx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2008-09-05 2340096]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-30 01:53]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-29 01:54]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-29 01:54]
.
2011-09-08 c:\windows\Tasks\User_Feed_Synchronization-{830A53C7-A521-4EFD-8571-D3AB6FDC631D}.job
- c:\windows\system32\msfeedssync.exe [2011-09-06 04:32]
.
2011-09-08 c:\windows\Tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job
- c:\windows\system32\msfeedssync.exe [2011-09-06 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-03 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-03 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-03 199704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3863040]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-22 1289992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 170496]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\lspF63.dll
TCP: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\ALPIMAS\AppData\Roaming\Mozilla\Firefox\Profiles\9qvrhcuw.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
Toolbar-{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-+fU2k6VtKYoFqWo/xh6GknBqF36ypR2s8SwBAQA7== - c:\users\ALPIMAS\AppData\Local\Temp\win16.exe
Wow6432Node-HKLM-Run-ZS/SVCQDOB6GtyEwCDtDqHwN+Cb8h3xpZUKzBklpJxEBAQA7== - c:\windows\win.exe
Wow6432Node-HKLM-Run-LvOKfeefn1zAIMAS\AppData\Local\Temp\3974322659.exe - c:\users\ALPIMAS\AppData\Local\Temp\3974322659.exe
Wow6432Node-HKLM-Run-LvOKfeefnvcPIMAS\AppData\Local\Temp\user.exe - c:\users\ALPIMAS\AppData\Local\Temp\user.exe
Wow6432Node-HKU-Default-Run-uPc+kt0NftaGuo - c:\windows\system32\y2udgsw.dll
Wow6432Node-HKU-Default-Run-Avamusige - c:\windows\system32\config\systemprofile\AppData\Local\iomdol.dll
Wow6432Node-HKU-Default-Run-uPc+kt0No_Jsiv - c:\windows\system32\wkc46.dll
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LvOKfeefnfQft.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHEAumSkgtosWLFisO9EOwIrWP/zyGHJnxoEaB1FKlBInQT6pU
fjiipIjR5ESSA0XW3MlTYUyaM2eKHIqz4MeVOTHG9EPNpUuDFW/2lIqQZc+rEU8S/AnUqMmVR2Ey
DXn0aNGzCoeKFRuTalWaFTlq/Yq1Lk+uDz+q1DuXIEyYJotOZAlSZ0OXL526dbg4rd3HgYUWjHmS
r8rLVi0uxdvxn1y0Iz2WJcuXbM6/bGXidLo5seq3fSHL7riX8senXjHORXzw9cWUnYmaXsqW6uC8
mWfHzooZs8Epqtv6Xg6aelCBMiuHHrmZOGuu2v2+/xx/tPVSuFbNzoZYNqz13gadYv2ruD591BAb
517YvOl9xCtdtt96ovWn0nXvVQZWgAwuxaCBD0YI4WUvMWiZe7sx1NdcBSaU2F9RjScieSRWKNV7
XfGl4lWcbfXXQy8xVpJeSalooXuYWVYhjTlGeOFeC/aYEoUjOhSeRCYGmBRs2E2x5Fa4XTfQgcLh
FFd1gYG0WJWNaTeRaoYhuJB6TxrGoXILktmSbwa9iFOMEbEJY140HXccVijulKeUZQ65o1QxOQkb
fZ6VCVR2kaEFZE+FHehYfNJ1d5t0MO3ZkKUZ+UnNFI4uxFtnDJ34pEInJnjeVk2FhJh39FH6nYaY
vv/1KGg7gelSgCb25iaf8XnG1KSRdiesd985WFWGRwY36n7J1bjeVJPJ2d5o//xnbX0DIrTYr3T2
pR9GAuYU66XLYiVniyiFWy2un8IHqnpeBgVecmYNSdyb2Y6JGJxW0urvs7Sp6duHQDbroYPUygkq
SSd+me2kU0Qc8VzfijfixRiPJ65dJ704rrgTToHCyCOPpSxD8oVUKVhUaaQewajFrBhMEke8FKcZ
zxyzdmei9FRsmYWJEXSCRlQwSK9Rg4LIIqMgVmX7MlWi1Ca+VLMfNo+4714ab0QR1rf+K1V/H2ON
c1dYSazftEoSKTNMJJPclogXLtxS0yNDNzbeeU//gSGbYdkcplZ0fyv0wnHVzKzBdGKHNb3wFkZv
oQPxPTJVSacbJHC9Lc2pSXKDSRZ5oglkM1ndXevqtWs1RLTJaAukboKpqB22X2CFxjblAsktt1ZY
e3UmkBQ2zRGh1cJ9PILUjh5xkjTyzHueww7refXBwg4yijSP3V7tz1snOdYjN0VybwpD1ebSUpcX
46YTdam97Ho7ynanFQ8NdtFTnr1xbkM63KYiNrrQgA86c+saSbKDtwGOjE8pkday4nI52Z0oJk4j
3naWF5UIOs00QyEMkZAywTGFhFMSM9MA9favjuRuIwSUiM0+d5CMTWRpKDgeyYDTLHTxZ2kK7EgO
/5uSHRH9yn5NyZqm9lJDF97Iblaqna9oaBSzPS92KPHTPyTWkatNriVbJBkK8wamaanKSUcyjB9K
JqaQoMAz9sIcScICNs/VbGKSqZb6FOSchNzKiiYJH+OMZDaP1A5sebpYGEU2EBxujV/bqdKSagdE
qCQmg4T7kPqq9bo7Ps4t+YMIcQY4vxPm70yxMZtYckjFFkJJjE6JWxSN+KKxmDFGEUPBEh2Vije6
5SQpc1kAG2S242mqfcmiyH2KpkovlbImK6yZkoxGvhxWLm8wi5J4PCMi0nyEaUCr1ge/wkPJbSkq
p2tTFiGUyZVtBEzp3Ar/mMSr/klsfhTKYj2rKf/GuOmSKADVp1o+5MhpXWaNOCJhdm7jztxwsVey
Sl67KkPFFUbwL63kCfgeNyZ1gS5v/mRaKKfENtFsqpLDRF1GjYI0RO1qgdARmn66OSZO7et1HUuf
hsRFvhSW600vvKY/h3qrkq6oa/7xE8neRj+/tcebmxlVBBEVT6uMTTFGoeWH9Ca5h8puOhk5IM38
likVMS2HbMnl0kiaT79skit545zbnrczc7asX9VyiVc7077mvK1CRlkp2AiyUqNJU5wV3ZyQXtbL
vBkkbgrUSsfyWLk1lu8zHQmezqK2LiDtSySJUeKOVjSzfM1xnonjlEfI+psDxvSgMS3MRSy7NAv/
4W1OsgKnLQsyxHdypIgX05RexOq2ru1ottIi2ldhRbwI3lOyVSVVVSAbvyHhzS2ncqtGBiNbyzpp
od902oOOa9KyuBaHNrMPiTi3nU0m5ZBl8mlhQ5XeDcUzVKfxoGPXx0ZdcUVUscllpTCDSJOSxjz+
Ce09bZo8G2aMNHCpnX4C9c3lLMe1YDVdDH+qSN3xhmJi1CJhU/erQP2qLE3TGwbZpz3Uws6QUR0d
hiymXhAlNTRnbdF2szZPQnaqN3jM6jTTBSUQpWYzCETNSj4DUNluzHxnJetNkOYuibbMqIwzjoON
CDaF1WykygpnRXL5SCJiL7SAEx6WRVwj+sDr/50IlB1UKHbi5v7YwPU6DRTFEzWx4MxNxfzYkYPl
XB/iN4TljdVoa+QfrtzrnS1brEFNyDMS6hGadGuw2sBcT782Nc3mldxt2sssE2b1fUVpjcoUa+ab
cNdwkWwvh2gEwUS5N4muVjJyvmU23VlqpLEi04++1+gpEcoypt3pSMbzFMBCE30fw+tZ7JPMfYaS
Ogoa9oGqJpG8gghssIZwrGdiH22SNIB4wiypmYOtunA6oaWBC+6YXbWLZlfZ1gIwaH75RYApKmzJ
7NnD5CxjdnpzcAENylqEq8fotEVZ5V5UQEsnmDQGdc/rTvZs1mZQNWER4w0mT7fZjCR6V2yQ+v/s
9phQ7u+wwjvLnXaZvLGTaVrJxEnkwaqvXrXyxSErUSsqST15YsaNXNuCTqSTrvmzKvzkF3PReeke
lyTTsppaOVgEzNDPLXMpdUwluPFWuUvdpq4VzSMxdhbF1y1B965zQ+J25bPMzdKoaGgwUzY6zB7D
oJY8LUtzdCvRGRdt3fhkOslBVLqQdy1bBwawh8MrTSd573FP9qfhFLLAC08ulC2qJcNlnZ40x+k1
9fE6PE8552HVcreTeriAy6bWhZdxWQ3J9Zmv0X9FDp/1RtbxW29j6yni8T7fLvjIdyETN54kdsIJ
ecMfvmQzE/GwTxJxpqG99NizyxESqUks/T06udsi8OjzPWAU0qZOxSfV5aNfQhaqSfpOv5uUmf/8
+fU2k6VtKYoFqWo/xh6GknBqF36ypR2s8SwBAQA7=="="c:\\Users\\ALPIMAS\\AppData\\Local\\Temp\\win16.exe"
"Mqvagestsearche.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCAf6SbXQT8KHECNKnEixosWL1KghTEWNo8eOHS9iLKixoR+TAjWm/KdRJcuB
Ll0alCkSIc2aBG9KzOgxVc+fHX2CTPXPIc6aOiEy9LnUKEWdRI9K3Tm06serIHVmhHhyYkyYIr+u
zPlyZdSXJ00upOinZdmmcNPGnStXLtOgQO/qbXqSrt+G/zySfKnSaU2fDf/SLcoUseK7CxsnTuw4
MtyOlteGzWg169Sng88+7IpUatKyCfeOHUyQoVrRbksjZv05Ik2OWsEarl3a68GgeCfiDjyZIU6f
vMMOFGyz9e7Tvz9/dRtb4nCBekMWdKjyK9HigFfn/4wqVnpC6tpRly9KHSx0sMlrbzWIOytRre9d
M9XcNj5olvNNpJlSPUV3VHsPtcTRTFfhdtVyAnGnV2Ci+VZUXcY1Z2FZAbqEHG06TUFfcR9WR5t8
g3HGU1v1bZSUcTRx9pFFxp3lEGKRDbgZWQCC5lhjH4q3k4YQAYfVR+iV1N9MOd10nUb1xYSXUEIG
pqBK5JHkWl3nWVkdTwGSVdl+S4IIH0t9GUgVklNlqJ6VDgJZVVBw4mXnXUYKdSSVRVJI5n1QyQRk
YwfpKNxSCQ6q6KKMEtXolEsBeSZZYPIIWmTBucRdl5ayVFlaLP5YYW6bEkkcjP6lit1uBi0ZY5VM
Ev+020dTCOXUdFXytN+CaOpXUVfvNTQFChVGVOyJ7qHWaYrKXogQdyBhl+yXyTrbUlAnibjcT4St
upSu1NpmoFFa9UUuCiiw2qd5XmE2BU2kKZQSlCa+tyxM5B6ZElYwnWYvV8dKStKwx0ZoGILKbvUe
ri9muxa8Rok4XHeBTaoUk9fKeSOkHg2LLrHzcqZmsM5FGqRM1KAwhbrOIRurcrf5sfK7qbHYrJ+S
Ddovf3YRCt+CMfqhMroe1/rSsf8yBuStRCM9LMuoRSZetCiXZzVJKqYyc1+iTmYZXNhR3KrMU8xc
tswQUgpTli0JTfTHROsqqqVYDmpoSh/TvJrK2lr/J5RMQ/e13kF7KUoNqHpruTbUPy1NzcoOnXR4
2VjeW3GPLA2tMtmB39aZzk0VOSzBB42+rkKOMlVU3qNDHqaZDG4dpZWlFubXdd1CHu/qSSbYrdsq
bwU8yN1yvCiWaAupeeIDDe07gx9y9PHaZX+c9IiQX05xnpXRF7ZLZfedE83+tja+8wQVLfHhfJrq
U+tBpkQw3waZTuSrh3P3sdTYEX3zy/vamuAssxITOestIcuW0c60kKthrihggVtshrcpBYWHMaRx
i9uMNih0LQRdFfKYcpazweWARGa3MpZkUPguTXVJUIORnEbC95v0VO0m0PrH6IhVIKE9rSSIwo7q
/+4mkOqx6nE8HN2MfCiSCrmNXLJK11ksuDSSpGVlsiremUSWEQnV6EZaQ1t3KlcQXlFqQe8j2qw8
lq4yfQst/xPI0GCjQ5DJLF1uqZ7P4rg2RPlwgR5aWWNCkh/XZC9CTVITjz4Xvlo1CEkq8oyiiBO4
Br2NRZ+bk4Nk5EMUyCgjTyvisKKYuAklCEtzzIzRTHSXm30RctoS0Ri3qBunyBBzZAvfWchzH9RZ
xoWegltaFJK3h42lTLmpIxZXcja8pWsgHnvdkJgiQhI6Mn4p8llIdBc5l20HVbJiW2AaSbkWDQU5
BrxcYIa2QGLSb2wVeRzlomjL4Hlqnv+JyceAlv+KNhrleIyBEjpZYrbdqRN/3UIkCa1IzrK1Ej10
CyjwtAUYCe6sIkspmmNoKD97as2TIxwn395GPDe1xnipMySwLAarhZqFQnXTGjkryEdbwmSHA0Ii
CAuHUo0FpZKIeeZyhgUllfWSRv0T6uHQRTHAXJBeX1Mp5EKHsFhlqTW78tQ9w9cWTpoxqqKCGw+Z
IkwcmSyFL+vIO4syyvSN8qNmjKcoQQpNum4Lmys6EzfBYrdGwehRkuJII/GkMNV5CVyZU+JN0Tcq
kSh2neKT48rkWTBx/cN6UWzZQtEoKkddkWtnzSoG4aLN7yHPUxrh23zsFEkhgpOCaNqfQQGUztT/
jA5KbSUlXC0iNvQN9VS/WUtlVXrU8TRqI5LJ30cw9b4FHmxbXIRgR3cIt7KdTkChTFmt7rTDyQrM
WOtE11hcY8DhAOZLwpJZcbF61rVkRk+blN6KUEW2rpYELSYtXnfEKtazNU5OjxzUT0Hotjd99IdI
6adQKbSdtclLiGVErdhUY0IwsSlsdlOvh/InSD7J7Zz/HWre2OlbU9lGtfhsDTuhpkidFkyeVtpX
qaxYRsjoySoC/i98G+NfAmq3VANdpp+4lhgZy1DBxFvWepvzR/EKVLijO6Kx7ujBjUixj52xcI7t
hSf2vHc2E5yZRxxW5H4VZjTeygyAkmdZmyyX/42CZJUxeTu56sbPbTYaZE/UjDUtTSaS3eGVSVzY
RY4o0KFe/FqZZhs2fNEUkSIDa08NqyQq2/V/g+PKZ6tHXU+ySWcKFdSiQpae8V4QwgBCZ2PLaDPD
iUyhcLrxkQg5HwFPmdOVZdeFDh039hm2xl0bVX0aCDTaBpFUOZFaVfELYFttObrla5KgnDRMyKJ1
ZLxlUl9BG6nDnae17Eubg1jMwKgUqE57ms2MFOKUUasNV9LWqqeIKNAh2fto3xyTZDB4xWLTdj6J
0ZQMxZYS5nI2L1eVsLqAiGU07Xo1XzZje64FaCG9SjP4sZwK6cRgqlzLqSXKy5zOORIO8VVPI//q
17Clq0L4PsuUE8dc3TiFEYLDGmMqKmNQagWquhCS5v+KTbGh8lDGONpTuQYgafMbrQLm3OnKpu2B
/FzD2vpJU7/ekrlSNUVFopw47EEZcyzCP5zt65QP9J3VF1nAoefcakU/tbzH1vP+JPNi77ZYzhrN
7gtPi0LXJtyjm7XslrY5xmu/q8aNjlGUNPEwQxZSBnlSsqT/xvLMks7TkUVAb0La87TckDpBfzfm
Npi9CQdgoWDGx29TXoUsTsr1Fo9UtjyEIUNhd4SmGKbrQck0rS9UcdtT9tWIDd7Bl6vx/1OWeJHq
PoTS2hYz5U1g3rtfSC0XNmmuqu5brmHacfay7dtnHe9jvVoYZymHZu+VUCV9cHfPYEKjo6Sglb1e
v16+tEqe/OdM3ft3dSfktyzwwn2j8Wp952E1tGrqxxtHZECZNi/YBoCpxijiwWiw8ioOFhPt9mu3
QX4bpoGgRx+Yx3wUOBU4tm4oYht/42bSxH6Jonr8d4LA1ym+5momJoFAFxxC0mUmR4MmCIRCaD4w
ZS/SVCQDOB6GtyEwCDtDqHwN+Cb8h3xpZUKzBklpJxEBAQA7=="="c:\\Windows\\win.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,60,53,e2,29,65,02,4e,9f,cd,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,60,53,e2,29,65,02,4e,9f,cd,b9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-07 22:34:09
ComboFix-quarantined-files.txt 2011-09-08 02:34
ComboFix2.txt 2011-09-06 03:11
ComboFix3.txt 2011-09-05 14:46
.
Pre-Run: 256,739,090,432 bytes free
Post-Run: 256,723,984,384 bytes free
.
- - End Of File - - C94115EE5E6088121D0E4C980A73B30B

[Render]

Hi,

Please follow the steps below:

Step 1

GMER Rootkit Scanner

• Download GMER from HERE.
• Extract the contents of zipped file to your desktop.
• Double click GMER.exe.
  
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.
• Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Step 2

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 3

OTL Custom Scan

• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  volsnap.sys
  atapi.sys
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT

• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When completed the above, please post back the following in the order asked for:

• ark.txt
  
• MBRCheck report
  
• OTL scan log
  

[ViruSpy]

When are you available to trouble shoot? i want to resolve this ASAP????

OTL logfile created on: 10/09/2011 11:22:34 a.m. - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\ALPIMAS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.54% Memory free
8.09 Gb Paging File | 5.73 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 240.93 Gb Free Space | 83.65% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.97 Gb Free Space | 29.72% Space Free | Partition Type: NTFS
Drive E: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALPIMAS-PC | User Name: ALPIMAS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
PRC - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
PRC - [2010/08/12 19:44:36 | 019,084,472 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/01/16 13:02:38 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\mcuicnt.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/25 12:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/05 19:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2008/09/05 19:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/08/15 17:03:50 | 004,812,664 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/07/04 16:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 16:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/02/19 19:05:24 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/09/05 19:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2008/09/05 19:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2008/09/05 19:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2008/08/15 17:00:54 | 006,510,416 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtGui4.dll
MOD - [2008/08/15 17:00:54 | 001,657,168 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtCore4.dll
MOD - [2008/08/15 17:00:54 | 000,396,112 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll
MOD - [2008/08/15 17:00:54 | 000,366,928 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll
MOD - [2008/08/15 17:00:54 | 000,026,960 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\SDL.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/02/25 21:43:20 | 000,818,752 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2008/11/20 06:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/10/03 13:27:54 | 000,854,280 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV:64bit: - [2008/10/03 13:23:26 | 000,563,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/09/22 19:15:48 | 000,585,136 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2008/08/25 06:31:36 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/08/25 06:31:22 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/19 17:48:26 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Stopped] -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/07 16:45:50 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/07/07 16:45:36 | 000,124,184 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/20 06:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/10/27 07:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/27 02:25:30 | 000,315,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/10/27 02:25:30 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/10/03 13:23:46 | 000,080,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2008/10/03 13:23:40 | 000,277,008 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2008/10/03 13:23:36 | 000,192,528 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2008/09/03 07:59:18 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/03 07:58:16 | 008,029,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/25 06:31:46 | 000,458,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/08/16 03:01:34 | 000,235,536 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2008/08/16 03:01:32 | 000,042,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2008/08/16 02:58:10 | 001,839,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2008/08/02 18:36:16 | 000,243,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/07/07 16:42:52 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2008/07/07 16:42:50 | 000,197,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2008/07/07 16:41:32 | 000,043,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/12 18:04:40 | 000,041,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2007/09/06 17:30:24 | 000,198,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2007/06/20 16:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/05/31 15:39:32 | 000,027,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/07/07 16:42:52 | 000,028,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/03 22:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/03 20:54:16 | 000,000,000 | ---D | M]

[2011/09/03 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions
[2009/10/07 13:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/03 22:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/08 13:10:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/19 08:22:50 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/05 10:24:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [KiweeHook] C:\Program Files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
O4 - HKLM..\Run: [LvOKfeefnfQft.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCBMqXMiwocOHEAumSkgtosWLFisO9EOwIrWP/zyGHJnxoEaB1FKlBInQT6pU
fjiipIjR5ESSA0XW3MlTYUyaM2eKHIqz4MeVOTHG9EPNpUuDFW/2lIqQZc+rEU8S/AnUqMmVR2Ey
DXn0aNGzCoeKFRuTalWaFTlq/Yq1Lk+uDz+q1DuXIEyYJotOZAlSZ0OXL526dbg4rd3HgYUWjHmS
r8rLVi0uxdvxn1y0Iz2WJcuXbM6/bGXidLo5seq3fSHL7riX8senXjHORXzw9cWUnYmaXsqW6uC8
mWfHzooZs8Epqtv6Xg6aelCBMiuHHrmZOGuu2v2+/xx/tPVSuFbNzoZYNqz13gadYv2ruD591BAb
517YvOl9xCtdtt96ovWn0nXvVQZWgAwuxaCBD0YI4WUvMWiZe7sx1NdcBSaU2F9RjScieSRWKNV7
XfGl4lWcbfXXQy8xVpJeSalooXuYWVYhjTlGeOFeC/aYEoUjOhSeRCYGmBRs2E2x5Fa4XTfQgcLh
FFd1gYG0WJWNaTeRaoYhuJB6TxrGoXILktmSbwa9iFOMEbEJY140HXccVijulKeUZQ65o1QxOQkb
fZ6VCVR2kaEFZE+FHehYfNJ1d5t0MO3ZkKUZ+UnNFI4uxFtnDJ34pEInJnjeVk2FhJh39FH6nYaY
vv/1KGg7gelSgCb25iaf8XnG1KSRdiesd985WFWGRwY36n7J1bjeVJPJ2d5o//xnbX0DIrTYr3T2
pR9GAuYU66XLYiVniyiFWy2un8IHqnpeBgVecmYNSdyb2Y6JGJxW0urvs7Sp6duHQDbroYPUygkq
SSd+me2kU0Qc8VzfijfixRiPJ65dJ704rrgTToHCyCOPpSxD8oVUKVhUaaQewajFrBhMEke8FKcZ
zxyzdmei9FRsmYWJEXSCRlQwSK9Rg4LIIqMgVmX7MlWi1Ca+VLMfNo+4714ab0QR1rf+K1V/H2ON
c1dYSazftEoSKTNMJJPclogXLtxS0yNDNzbeeU//gSGbYdkcplZ0fyv0wnHVzKzBdGKHNb3wFkZv
oQPxPTJVSacbJHC9Lc2pSXKDSRZ5oglkM1ndXevqtWs1RLTJaAukboKpqB22X2CFxjblAsktt1ZY
e3UmkBQ2zRGh1cJ9PILUjh5xkjTyzHueww7refXBwg4yijSP3V7tz1snOdYjN0VybwpD1ebSUpcX
46YTdam97Ho7ynanFQ8NdtFTnr1xbkM63KYiNrrQgA86c+saSbKDtwGOjE8pkday4nI52Z0oJk4j
3naWF5UIOs00QyEMkZAywTGFhFMSM9MA9favjuRuIwSUiM0+d5CMTWRpKDgeyYDTLHTxZ2kK7EgO
/5uSHRH9yn5NyZqm9lJDF97Iblaqna9oaBSzPS92KPHTPyTWkatNriVbJBkK8wamaanKSUcyjB9K
JqaQoMAz9sIcScICNs/VbGKSqZb6FOSchNzKiiYJH+OMZDaP1A5sebpYGEU2EBxujV/bqdKSagdE
qCQmg4T7kPqq9bo7Ps4t+YMIcQY4vxPm70yxMZtYckjFFkJJjE6JWxSN+KKxmDFGEUPBEh2Vije6
5SQpc1kAG2S242mqfcmiyH2KpkovlbImK6yZkoxGvhxWLm8wi5J4PCMi0nyEaUCr1ge/wkPJbSkq
p2tTFiGUyZVtBEzp3Ar/mMSr/klsfhTKYj2rKf/GuOmSKADVp1o+5MhpXWaNOCJhdm7jztxwsVey
Sl67KkPFFUbwL63kCfgeNyZ1gS5v/mRaKKfENtFsqpLDRF1GjYI0RO1qgdARmn66OSZO7et1HUuf
hsRFvhSW600vvKY/h3qrkq6oa/7xE8neRj+/tcebmxlVBBEVT6uMTTFGoeWH9Ca5h8puOhk5IM38
likVMS2HbMnl0kiaT79skit545zbnrczc7asX9VyiVc7077mvK1CRlkp2AiyUqNJU5wV3ZyQXtbL
vBkkbgrUSsfyWLk1lu8zHQmezqK2LiDtSySJUeKOVjSzfM1xnonjlEfI+psDxvSgMS3MRSy7NAv/
4W1OsgKnLQsyxHdypIgX05RexOq2ru1ottIi2ldhRbwI3lOyVSVVVSAbvyHhzS2ncqtGBiNbyzpp
od902oOOa9KyuBaHNrMPiTi3nU0m5ZBl8mlhQ5XeDcUzVKfxoGPXx0ZdcUVUscllpTCDSJOSxjz+
Ce09bZo8G2aMNHCpnX4C9c3lLMe1YDVdDH+qSN3xhmJi1CJhU/erQP2qLE3TGwbZpz3Uws6QUR0d
hiymXhAlNTRnbdF2szZPQnaqN3jM6jTTBSUQpWYzCETNSj4DUNluzHxnJetNkOYuibbMqIwzjoON
CDaF1WykygpnRXL5SCJiL7SAEx6WRVwj+sDr/50IlB1UKHbi5v7YwPU6DRTFEzWx4MxNxfzYkYPl
XB/iN4TljdVoa+QfrtzrnS1brEFNyDMS6hGadGuw2sBcT782Nc3mldxt2sssE2b1fUVpjcoUa+ab
cNdwkWwvh2gEwUS5N4muVjJyvmU23VlqpLEi04++1+gpEcoypt3pSMbzFMBCE30fw+tZ7JPMfYaS
Ogoa9oGqJpG8gghssIZwrGdiH22SNIB4wiypmYOtunA6oaWBC+6YXbWLZlfZ1gIwaH75RYApKmzJ
7NnD5CxjdnpzcAENylqEq8fotEVZ5V5UQEsnmDQGdc/rTvZs1mZQNWER4w0mT7fZjCR6V2yQ+v/s
9phQ7u+wwjvLnXaZvLGTaVrJxEnkwaqvXrXyxSErUSsqST15YsaNXNuCTqSTrvmzKvzkF3PReeke
lyTTsppaOVgEzNDPLXMpdUwluPFWuUvdpq4VzSMxdhbF1y1B965zQ+J25bPMzdKoaGgwUzY6zB7D
oJY8LUtzdCvRGRdt3fhkOslBVLqQdy1bBwawh8MrTSd573FP9qfhFLLAC08ulC2qJcNlnZ40x+k1
9fE6PE8552HVcreTeriAy6bWhZdxWQ3J9Zmv0X9FDp/1RtbxW29j6yni8T7fLvjIdyETN54kdsIJ
ecMfvmQzE/GwTxJxpqG99NizyxESqUks/T06udsi8OjzPWAU0qZOxSfV5aNfQhaqSfpOv5uUmf/8
+fU2k6VtKYoFqWo/xh6GknBqF36ypR2s8SwBAQA7==] File not found
O4 - HKLM..\Run: [Mqvagestsearche.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/
/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm
AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/
MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm
ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/
mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm
zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/
/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ
AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA
M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ
ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A
mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z
zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA
AAj/AP8JHEiwoMGDCAf6SbXQT8KHECNKnEixosWL1KghTEWNo8eOHS9iLKixoR+TAjWm/KdRJcuB
Ll0alCkSIc2aBG9KzOgxVc+fHX2CTPXPIc6aOiEy9LnUKEWdRI9K3Tm06serIHVmhHhyYkyYIr+u
zPlyZdSXJ00upOinZdmmcNPGnStXLtOgQO/qbXqSrt+G/zySfKnSaU2fDf/SLcoUseK7CxsnTuw4
MtyOlteGzWg169Sng88+7IpUatKyCfeOHUyQoVrRbksjZv05Ik2OWsEarl3a68GgeCfiDjyZIU6f
vMMOFGyz9e7Tvz9/dRtb4nCBekMWdKjyK9HigFfn/4wqVnpC6tpRly9KHSx0sMlrbzWIOytRre9d
M9XcNj5olvNNpJlSPUV3VHsPtcTRTFfhdtVyAnGnV2Ci+VZUXcY1Z2FZAbqEHG06TUFfcR9WR5t8
g3HGU1v1bZSUcTRx9pFFxp3lEGKRDbgZWQCC5lhjH4q3k4YQAYfVR+iV1N9MOd10nUb1xYSXUEIG
pqBK5JHkWl3nWVkdTwGSVdl+S4IIH0t9GUgVklNlqJ6VDgJZVVBw4mXnXUYKdSSVRVJI5n1QyQRk
YwfpKNxSCQ6q6KKMEtXolEsBeSZZYPIIWmTBucRdl5ayVFlaLP5YYW6bEkkcjP6lit1uBi0ZY5VM
Ev+020dTCOXUdFXytN+CaOpXUVfvNTQFChVGVOyJ7qHWaYrKXogQdyBhl+yXyTrbUlAnibjcT4St
upSu1NpmoFFa9UUuCiiw2qd5XmE2BU2kKZQSlCa+tyxM5B6ZElYwnWYvV8dKStKwx0ZoGILKbvUe
ri9muxa8Rok4XHeBTaoUk9fKeSOkHg2LLrHzcqZmsM5FGqRM1KAwhbrOIRurcrf5sfK7qbHYrJ+S
Ddovf3YRCt+CMfqhMroe1/rSsf8yBuStRCM9LMuoRSZetCiXZzVJKqYyc1+iTmYZXNhR3KrMU8xc
tswQUgpTli0JTfTHROsqqqVYDmpoSh/TvJrK2lr/J5RMQ/e13kF7KUoNqHpruTbUPy1NzcoOnXR4
2VjeW3GPLA2tMtmB39aZzk0VOSzBB42+rkKOMlVU3qNDHqaZDG4dpZWlFubXdd1CHu/qSSbYrdsq
bwU8yN1yvCiWaAupeeIDDe07gx9y9PHaZX+c9IiQX05xnpXRF7ZLZfedE83+tja+8wQVLfHhfJrq
U+tBpkQw3waZTuSrh3P3sdTYEX3zy/vamuAssxITOestIcuW0c60kKthrihggVtshrcpBYWHMaRx
i9uMNih0LQRdFfKYcpazweWARGa3MpZkUPguTXVJUIORnEbC95v0VO0m0PrH6IhVIKE9rSSIwo7q
/+4mkOqx6nE8HN2MfCiSCrmNXLJK11ksuDSSpGVlsiremUSWEQnV6EZaQ1t3KlcQXlFqQe8j2qw8
lq4yfQst/xPI0GCjQ5DJLF1uqZ7P4rg2RPlwgR5aWWNCkh/XZC9CTVITjz4Xvlo1CEkq8oyiiBO4
Br2NRZ+bk4Nk5EMUyCgjTyvisKKYuAklCEtzzIzRTHSXm30RctoS0Ri3qBunyBBzZAvfWchzH9RZ
xoWegltaFJK3h42lTLmpIxZXcja8pWsgHnvdkJgiQhI6Mn4p8llIdBc5l20HVbJiW2AaSbkWDQU5
BrxcYIa2QGLSb2wVeRzlomjL4Hlqnv+JyceAlv+KNhrleIyBEjpZYrbdqRN/3UIkCa1IzrK1Ej10
CyjwtAUYCe6sIkspmmNoKD97as2TIxwn395GPDe1xnipMySwLAarhZqFQnXTGjkryEdbwmSHA0Ii
CAuHUo0FpZKIeeZyhgUllfWSRv0T6uHQRTHAXJBeX1Mp5EKHsFhlqTW78tQ9w9cWTpoxqqKCGw+Z
IkwcmSyFL+vIO4syyvSN8qNmjKcoQQpNum4Lmys6EzfBYrdGwehRkuJII/GkMNV5CVyZU+JN0Tcq
kSh2neKT48rkWTBx/cN6UWzZQtEoKkddkWtnzSoG4aLN7yHPUxrh23zsFEkhgpOCaNqfQQGUztT/
jA5KbSUlXC0iNvQN9VS/WUtlVXrU8TRqI5LJ30cw9b4FHmxbXIRgR3cIt7KdTkChTFmt7rTDyQrM
WOtE11hcY8DhAOZLwpJZcbF61rVkRk+blN6KUEW2rpYELSYtXnfEKtazNU5OjxzUT0Hotjd99IdI
6adQKbSdtclLiGVErdhUY0IwsSlsdlOvh/InSD7J7Zz/HWre2OlbU9lGtfhsDTuhpkidFkyeVtpX
qaxYRsjoySoC/i98G+NfAmq3VANdpp+4lhgZy1DBxFvWepvzR/EKVLijO6Kx7ujBjUixj52xcI7t
hSf2vHc2E5yZRxxW5H4VZjTeygyAkmdZmyyX/42CZJUxeTu56sbPbTYaZE/UjDUtTSaS3eGVSVzY
RY4o0KFe/FqZZhs2fNEUkSIDa08NqyQq2/V/g+PKZ6tHXU+ySWcKFdSiQpae8V4QwgBCZ2PLaDPD
iUyhcLrxkQg5HwFPmdOVZdeFDh039hm2xl0bVX0aCDTaBpFUOZFaVfELYFttObrla5KgnDRMyKJ1
ZLxlUl9BG6nDnae17Eubg1jMwKgUqE57ms2MFOKUUasNV9LWqqeIKNAh2fto3xyTZDB4xWLTdj6J
0ZQMxZYS5nI2L1eVsLqAiGU07Xo1XzZje64FaCG9SjP4sZwK6cRgqlzLqSXKy5zOORIO8VVPI//q
17Clq0L4PsuUE8dc3TiFEYLDGmMqKmNQagWquhCS5v+KTbGh8lDGONpTuQYgafMbrQLm3OnKpu2B
/FzD2vpJU7/ekrlSNUVFopw47EEZcyzCP5zt65QP9J3VF1nAoefcakU/tbzH1vP+JPNi77ZYzhrN
7gtPi0LXJtyjm7XslrY5xmu/q8aNjlGUNPEwQxZSBnlSsqT/xvLMks7TkUVAb0La87TckDpBfzfm
Npi9CQdgoWDGx29TXoUsTsr1Fo9UtjyEIUNhd4SmGKbrQck0rS9UcdtT9tWIDd7Bl6vx/1OWeJHq
PoTS2hYz5U1g3rtfSC0XNmmuqu5brmHacfay7dtnHe9jvVoYZymHZu+VUCV9cHfPYEKjo6Sglb1e
v16+tEqe/OdM3ft3dSfktyzwwn2j8Wp952E1tGrqxxtHZECZNi/YBoCpxijiwWiw8ioOFhPt9mu3
QX4bpoGgRx+Yx3wUOBU4tm4oYht/42bSxH6Jonr8d4LA1ym+5momJoFAFxxC0mUmR4MmCIRCaD4w
ZS/SVCQDOB6GtyEwCDtDqHwN+Cb8h3xpZUKzBklpJxEBAQA7==] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKCU..\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAF6A87-4BA2-4BED-B861-F5D019D37AB2}: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{304BDE19-F312-43D0-B645-C61B958C98F6}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\dstfixx: DllName - dstfixx.dll - File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG
O24 - Desktop BackupWallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/01 22:53:23 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 13:28:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/07 22:34:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/07 22:30:07 | 000,000,000 | ---D | C] -- C:\Users\ALPIMAS\AppData\Local\temp
[2011/09/07 22:27:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/07 22:27:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/07 22:27:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/06 22:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/06 22:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/09/06 22:16:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALPIMAS\Desktop\erunt_setup.exe
[2011/09/06 08:45:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011/09/06 08:45:57 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/09/06 03:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/09/06 03:58:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011/09/06 03:22:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2011/09/06 03:22:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2011/09/06 03:22:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2011/09/06 03:22:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2011/09/06 03:22:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2011/09/06 03:22:19 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2011/09/06 03:22:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2011/09/06 03:22:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2011/09/06 03:22:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2011/09/06 03:22:19 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2011/09/06 03:22:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2011/09/06 03:22:15 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2011/09/06 03:22:15 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2011/09/06 03:22:15 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2011/09/06 03:22:15 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2011/09/06 03:22:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2011/09/06 01:15:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/09/06 01:15:46 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/09/06 01:15:46 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/09/06 01:15:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/09/06 01:15:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/09/06 01:15:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/09/06 01:15:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/09/06 01:15:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/09/06 01:15:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/09/06 01:15:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/09/06 01:15:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/09/06 01:15:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/09/06 01:15:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/09/06 00:49:54 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/09/06 00:49:54 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/09/06 00:48:55 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/09/06 00:42:07 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/09/06 00:41:48 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/09/06 00:41:19 | 010,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/09/06 00:41:16 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/09/06 00:40:32 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/09/06 00:40:31 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/09/06 00:28:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/09/06 00:28:25 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/09/06 00:28:25 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/09/06 00:28:25 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/09/06 00:28:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2011/09/06 00:28:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011/09/06 00:15:41 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/09/06 00:15:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/09/06 00:15:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/09/06 00:15:10 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/09/06 00:15:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/09/06 00:14:52 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011/09/06 00:14:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/09/06 00:14:44 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/09/06 00:14:43 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/09/05 09:23:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/05 09:23:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/05 09:23:03 | 004,192,529 | R--- | C] (Swearware) -- C:\Users\ALPIMAS\Desktop\ComboFix.exe
[2011/09/04 23:31:32 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\ALPIMAS\Desktop\aswMBR(1).exe
[2011/09/03 22:48:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/10 11:26:39 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job
[2011/09/10 11:26:39 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{830A53C7-A521-4EFD-8571-D3AB6FDC631D}.job
[2011/09/10 11:26:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/09/10 11:26:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/09/10 11:21:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 11:21:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 11:10:25 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/10 09:28:27 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/10 09:22:21 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/09/10 09:22:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/10 09:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 09:21:00 | 376,226,746 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/06 22:17:55 | 000,000,945 | ---- | M] () -- C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/06 22:17:51 | 000,000,765 | ---- | M] () -- C:\Users\ALPIMAS\Desktop\NTREGOPT.lnk
[2011/09/06 22:17:51 | 000,000,746 | ---- | M] () -- C:\Users\ALPIMAS\Desktop\ERUNT.lnk
[2011/09/06 22:17:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALPIMAS\Desktop\erunt_setup.exe
[2011/09/06 04:01:50 | 000,283,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/06 03:15:33 | 000,718,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/06 03:15:33 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/06 03:15:33 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/05 10:24:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/05 09:23:21 | 004,192,529 | R--- | M] (Swearware) -- C:\Users\ALPIMAS\Desktop\ComboFix.exe
[2011/09/04 23:11:18 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\ALPIMAS\Desktop\aswMBR(1).exe
[2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
[2011/09/03 22:34:38 | 000,000,914 | ---- | M] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/03 21:04:19 | 000,001,460 | ---- | M] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat
[2011/08/25 22:26:39 | 003,654,276 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04648.JPG
[2011/08/25 22:26:32 | 003,681,259 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04604.JPG
[2011/08/25 22:26:27 | 001,466,942 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04595.JPG
[2011/08/25 22:26:18 | 001,468,710 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04354.JPG
[2011/08/25 22:24:37 | 003,706,199 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04054.JPG
[2011/08/25 22:24:31 | 001,471,513 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04034.JPG
[2011/08/25 22:13:51 | 004,033,566 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC00596.JPG
[2011/08/25 22:13:43 | 002,297,734 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05470.JPG
[2011/08/25 22:13:29 | 003,782,800 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05401.JPG
[2011/08/25 22:13:22 | 003,019,984 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05388.JPG
[2011/08/25 22:13:05 | 003,814,192 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05371.JPG
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 22:27:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/07 22:27:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/07 22:27:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/07 22:27:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/07 22:27:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/06 22:17:55 | 000,000,945 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/06 22:17:51 | 000,000,765 | ---- | C] () -- C:\Users\ALPIMAS\Desktop\NTREGOPT.lnk
[2011/09/06 22:17:51 | 000,000,746 | ---- | C] () -- C:\Users\ALPIMAS\Desktop\ERUNT.lnk
[2011/09/06 13:15:01 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job
[2011/09/06 08:45:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/09/06 08:45:57 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/09/06 03:42:30 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2011/09/06 03:22:39 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\winrsmgr.dll
[2011/09/06 03:22:36 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\wsmplpxy.dll
[2011/09/06 03:22:36 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\winrssrv.dll
[2011/09/06 03:22:24 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\pwrshplugin.dll
[2011/09/06 03:22:22 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\winrs.exe
[2011/09/06 03:22:22 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\winrshost.exe
[2011/09/06 03:22:22 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\wsmprovhost.exe
[2011/09/06 03:22:19 | 000,232,960 | ---- | C] () -- C:\Windows\SysNative\wecsvc.dll
[2011/09/06 03:22:19 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wevtfwd.dll
[2011/09/06 03:22:19 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wecutil.exe
[2011/09/06 03:22:19 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\wecapi.dll
[2011/09/06 03:22:19 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\WsmRes.dll
[2011/09/06 03:22:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/09/06 03:22:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011/09/06 03:22:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/09/06 03:22:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011/09/06 03:22:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/09/06 03:22:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011/09/06 03:22:15 | 002,050,048 | ---- | C] () -- C:\Windows\SysNative\WsmSvc.dll
[2011/09/06 03:22:15 | 000,370,688 | ---- | C] () -- C:\Windows\SysNative\winrscmd.dll
[2011/09/06 03:22:15 | 000,352,768 | ---- | C] () -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2011/09/06 03:22:15 | 000,348,672 | ---- | C] () -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2011/09/06 03:22:15 | 000,310,272 | ---- | C] () -- C:\Windows\SysNative\WsmWmiPl.dll
[2011/09/06 03:22:15 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\WsmAuto.dll
[2011/09/06 01:15:46 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/09/06 01:15:46 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/09/06 01:15:46 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/09/06 01:15:46 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/09/06 01:15:46 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/09/06 01:15:46 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/09/06 01:15:45 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/09/06 01:15:45 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/09/06 01:15:45 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/09/06 01:15:45 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/09/06 01:15:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/09/06 01:15:44 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/09/06 01:15:43 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/09/06 01:15:43 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/09/06 01:15:43 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/09/06 01:15:42 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/09/06 01:15:41 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/09/06 01:15:41 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/09/06 01:15:41 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/09/06 01:15:40 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/09/06 01:15:39 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/09/06 01:15:39 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/09/06 01:15:38 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/09/06 01:15:38 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/09/06 01:04:48 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/09/06 00:50:01 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2011/09/06 00:49:15 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2011/09/06 00:48:55 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2011/09/06 00:48:52 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2011/09/06 00:48:32 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2011/09/06 00:42:29 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/09/06 00:42:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/09/06 00:42:20 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/09/06 00:42:17 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/09/06 00:42:17 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/09/06 00:42:17 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/09/06 00:42:13 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2011/09/06 00:42:07 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/09/06 00:42:07 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/09/06 00:41:48 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll
[2011/09/06 00:41:35 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2011/09/06 00:41:34 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll
[2011/09/06 00:41:22 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2011/09/06 00:41:15 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2011/09/06 00:40:41 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011/09/06 00:40:41 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011/09/06 00:40:40 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011/09/06 00:40:40 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011/09/06 00:40:40 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011/09/06 00:40:40 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011/09/06 00:40:40 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011/09/06 00:40:37 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2011/09/06 00:40:32 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2011/09/06 00:40:31 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe
[2011/09/06 00:40:19 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2011/09/06 00:28:29 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011/09/06 00:28:25 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2011/09/06 00:28:25 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll
[2011/09/06 00:28:25 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2011/09/06 00:28:25 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll
[2011/09/06 00:28:16 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2011/09/06 00:28:16 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2011/09/06 00:28:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2011/09/06 00:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2011/09/06 00:18:06 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2011/09/06 00:18:04 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/09/06 00:16:52 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2011/09/06 00:16:51 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll
[2011/09/06 00:15:45 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe
[2011/09/06 00:15:41 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/09/06 00:15:41 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2011/09/06 00:15:40 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/09/06 00:15:36 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2011/09/06 00:15:13 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2011/09/06 00:15:13 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2011/09/06 00:15:11 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011/09/06 00:15:10 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011/09/06 00:14:52 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2011/09/06 00:14:48 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011/09/06 00:14:48 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011/09/06 00:14:48 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011/09/06 00:14:44 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2011/09/06 00:14:44 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2011/09/06 00:14:44 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/09/06 00:14:43 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2011/09/06 00:14:43 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2011/09/04 23:18:20 | 376,226,746 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/03 22:34:38 | 000,000,914 | ---- | C] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/26 12:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager .INI
[2010/09/25 14:46:42 | 000,000,112 | ---- | C] () -- C:\ProgramData\Jy8atcgh5.dat
[2010/09/15 19:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/14 18:03:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/28 00:25:42 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2009/10/16 16:44:33 | 000,001,460 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat
[2009/09/28 15:44:33 | 000,000,109 | ---- | C] () -- C:\Windows\TmProxy.ini
[2009/06/20 12:26:37 | 000,024,226 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\UserTile.png
[2009/04/07 17:28:47 | 000,000,552 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d8caps.dat
[2009/01/21 00:00:03 | 000,005,962 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\wklnhst.dat
[2009/01/20 23:35:55 | 000,027,136 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 13:12:11 | 000,006,756 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps.dat
[2009/01/19 23:13:41 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/01/19 23:13:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/01/19 23:13:41 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/01/19 23:13:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/01/19 23:13:41 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/01/19 23:13:41 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/01/19 23:13:41 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/01/19 23:13:41 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/01/19 23:13:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/01/19 23:13:41 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/01/19 23:13:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/01/19 23:13:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/01/19 23:10:31 | 000,000,079 | ---- | C] () -- C:\Windows\EPWF600.ini
[2008/12/30 07:09:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/12/30 07:09:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/12/30 06:42:45 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/12/30 06:42:45 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/12/30 06:42:45 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/12/30 05:51:20 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/09/05 19:16:36 | 000,233,216 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/09/05 19:16:36 | 000,059,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2008/09/05 19:16:20 | 000,087,296 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2008/07/07 16:42:52 | 000,028,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\ERDNT\cache64\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2008/12/30 06:44:15 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\ERDNT\cache86\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] () MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/04/11 03:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2008/01/20 22:47:03 | 000,271,416 | ---- | M] () MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\SysNative\drivers\volsnap.sys
[2008/01/20 22:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/28 00:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/28 00:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/28 00:53:19 | 000,070,656 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)

========== Files - Unicode (All) ==========
[2010/09/21 18:42:59 | 000,025,470 | ---- | M] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt
[2010/09/21 18:42:58 | 000,025,470 | ---- | C] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Attached Files

•  Ark.txt   1.67KB   168 downloads
•  MBRCheck_09.10.11_11.20.28.txt   13.45KB   149 downloads
•  newOTL.txt   155.23KB   124 downloads

[Render]

Hi,

When are you available to trouble shoot?

I'm available almost every day.

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

• Please right click on on your desktop and click on Run as administrator.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  

  :OTL
  O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    	
  :Files
  ipconfig /flushdns /c
  
  :Reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  
  [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Apoint"="C:\\Program Files\\DellTPad\\Apoint.exe"
  "SysTrayApp"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,49,00,44,00,54,00,5c,00,57,00,44,00,4d,00,\
  5c,00,73,00,74,00,74,00,72,00,61,00,79,00,36,00,34,00,2e,00,65,00,78,00,65,\
  00,00,00
  "IgfxTray"="C:\\Windows\\system32\\igfxtray.exe"
  "HotKeysCmds"="C:\\Windows\\system32\\hkcmd.exe"
  "Persistence"="C:\\Windows\\system32\\igfxpers.exe"
  "Broadcom Wireless Manager UI"="C:\\Windows\\system32\\WLTRAY.exe"
  "UfSeAgnt.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe\""
  "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
  "Windows Mobile-based device management"=hex(2):25,00,77,00,69,00,6e,00,64,00,\
  69,00,72,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,6f,\
  00,62,00,69,00,6c,00,65,00,5c,00,77,00,6d,00,64,00,53,00,79,00,6e,00,63,00,\
  2e,00,65,00,78,00,65,00,00,00
  
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
  "SightSpeed"="\"C:\\Program Files (x86)\\Dell Video Chat\\DellVideoChat.exe\" -bootmode"
  "ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
  "Speech Recognition"="\"C:\\Windows\\Speech\\Common\\sapisvr.exe\" -SpeechUX -Startup"
  "ooVoo.exe"="C:\\program files (x86)\\oovoo\\oovoo.exe /minimized"
  "WMPNSCFG"="C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe"
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [emptyflash]
  [createrestorepoint]
  [reboot]

• Click on button.
• OTL may ask to reboot the machine. Please do so if asked.
• Click on button.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[ViruSpy]

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ALPIMAS\Desktop\cmd.bat deleted successfully.
C:\Users\ALPIMAS\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Apoint"|"C:\\Program Files\\DellTPad\\Apoint.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"SysTrayApp"|hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,49,00,44,00,54,00,5c,00,57,00,44,00,4d,00,5c,00,73,00,74,00,74,00,72,00,61,00,79,00,36,00,34,00,2e,00,65,00,78,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"IgfxTray"|"C:\\Windows\\system32\\igfxtray.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"HotKeysCmds"|"C:\\Windows\\system32\\hkcmd.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Persistence"|"C:\\Windows\\system32\\igfxpers.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Broadcom Wireless Manager UI"|"C:\\Windows\\system32\\WLTRAY.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"UfSeAgnt.exe"|"\"C:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe\"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"SunJavaUpdateSched"|"\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Windows Mobile-based device management"|hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,6f,00,62,00,69,00,6c,00,65,00,5c,00,77,00,6d,00,64,00,53,00,79,00,6e,00,63,00,2e,00,65,00,78,00,65,00,00,00 /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Sidebar"|"C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"SightSpeed"|"\"C:\\Program Files (x86)\\Dell Video Chat\\DellVideoChat.exe\" -bootmode" /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"ehTray.exe"|"C:\\Windows\\ehome\\ehTray.exe" /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Speech Recognition"|"\"C:\\Windows\\Speech\\Common\\sapisvr.exe\" -SpeechUX -Startup" /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"ooVoo.exe"|"C:\\program files (x86)\\oovoo\\oovoo.exe /minimized" /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"WMPNSCFG"|"C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe" /E : value set successfully!
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ALPIMAS
->Temp folder emptied: 306 bytes
->Temporary Internet Files folder emptied: 27769981 bytes
->Java cache emptied: 38516960 bytes
->FireFox cache emptied: 6683588 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 46953 bytes

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7012 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70.00 mb


[EMPTYFLASH]

User: All Users

User: ALPIMAS
->Flash cache emptied: 0 bytes

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.27.0 log created on 09112011_224340

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\ALPIMAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGMV532N\ads[4].htm moved successfully.
C:\Users\ALPIMAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVJUVSYG\ads[4].htm moved successfully.
C:\Users\ALPIMAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVJUVSYG\ads[5].htm moved successfully.
C:\Users\ALPIMAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVJUVSYG\iframe[1].htm moved successfully.
C:\Users\ALPIMAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZFMPHT0\306969-firefox-will-not-connect-to-internetie-connects-ff-wil-not[1].htm moved successfully.
C:\Users\ALPIMAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZFMPHT0\ads[6].htm moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QL6GK9F6\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1MM1SPX\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M3J1DWF\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JQHS8G2\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[ViruSpy]

OTL logfile created on: 11/09/2011 10:54:45 p.m. - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\ALPIMAS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 58.44% Memory free
8.09 Gb Paging File | 6.25 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 242.87 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.97 Gb Free Space | 29.72% Space Free | Partition Type: NTFS
Drive E: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALPIMAS-PC | User Name: ALPIMAS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
PRC - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
PRC - [2010/08/12 19:44:36 | 019,084,472 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/01/19 17:48:26 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/05 19:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2008/09/05 19:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/09 15:33:50 | 002,064,384 | ---- | M] () -- C:\Program Files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
MOD - [2008/09/05 19:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2008/09/05 19:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2008/09/05 19:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/02/25 21:43:20 | 000,818,752 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2008/11/20 06:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/10/03 13:27:54 | 000,854,280 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV:64bit: - [2008/10/03 13:23:26 | 000,563,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/09/22 19:15:48 | 000,585,136 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2008/08/25 06:31:36 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/08/25 06:31:22 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/19 17:48:26 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/05 19:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/07 16:45:50 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/07/07 16:45:36 | 000,124,184 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2008/04/17 16:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/20 06:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/10/27 07:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/27 02:25:30 | 000,315,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/10/27 02:25:30 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/10/03 13:23:46 | 000,080,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2008/10/03 13:23:40 | 000,277,008 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2008/10/03 13:23:36 | 000,192,528 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2008/09/03 07:59:18 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/03 07:58:16 | 008,029,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/25 06:31:46 | 000,458,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/08/16 03:01:34 | 000,235,536 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2008/08/16 03:01:32 | 000,042,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2008/08/16 02:58:10 | 001,839,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2008/08/02 18:36:16 | 000,243,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/07/07 16:42:52 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2008/07/07 16:42:50 | 000,197,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2008/07/07 16:41:32 | 000,043,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/12 18:04:40 | 000,041,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2007/09/06 17:30:24 | 000,198,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2007/06/20 16:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/05/31 15:39:32 | 000,027,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/07/07 16:42:52 | 000,028,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/03 22:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/03 20:54:16 | 000,000,000 | ---D | M]

[2011/09/03 20:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions
[2009/10/07 13:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALPIMAS\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/03 22:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/08 13:10:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/19 08:22:50 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing-zugo.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/11 22:43:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [HotKeysCmds] File not found
O4 - HKLM..\Run: [IgfxTray] File not found
O4 - HKLM..\Run: [Persistence] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [SysTrayApp] File not found
O4 - HKLM..\Run: [UfSeAgnt.exe] File not found
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SightSpeed] File not found
O4 - HKCU..\Run: [Speech Recognition] File not found
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAF6A87-4BA2-4BED-B861-F5D019D37AB2}: DhcpNameServer = 66.38.1.90 66.38.0.240 66.38.1.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{304BDE19-F312-43D0-B645-C61B958C98F6}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\dstfixx: DllName - dstfixx.dll - File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG
O24 - Desktop BackupWallPaper: C:\Users\ALPIMAS\Pictures\DSCF0077.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/01 22:53:23 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 22:43:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/09 13:28:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/07 22:34:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/07 22:30:07 | 000,000,000 | ---D | C] -- C:\Users\ALPIMAS\AppData\Local\temp
[2011/09/07 22:27:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/07 22:27:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/07 22:27:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/06 22:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/06 22:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/09/06 22:16:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ALPIMAS\Desktop\erunt_setup.exe
[2011/09/06 03:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/09/06 03:58:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011/09/05 09:23:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/05 09:23:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/05 09:23:03 | 004,192,529 | R--- | C] (Swearware) -- C:\Users\ALPIMAS\Desktop\ComboFix.exe
[2011/09/04 23:31:32 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\ALPIMAS\Desktop\aswMBR(1).exe
[2011/09/03 22:48:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/09/11 22:57:09 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/09/11 22:57:03 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/09/11 22:56:18 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job
[2011/09/11 22:56:00 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{830A53C7-A521-4EFD-8571-D3AB6FDC631D}.job
[2011/09/11 22:52:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/11 22:50:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/11 22:47:31 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/09/11 22:47:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 22:47:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 22:46:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/11 22:43:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/10 13:10:25 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/07 09:21:00 | 376,226,746 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/06 22:17:55 | 000,000,945 | ---- | M] () -- C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/06 22:17:51 | 000,000,765 | ---- | M] () -- C:\Users\ALPIMAS\Desktop\NTREGOPT.lnk
[2011/09/06 22:17:51 | 000,000,746 | ---- | M] () -- C:\Users\ALPIMAS\Desktop\ERUNT.lnk
[2011/09/06 22:17:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ALPIMAS\Desktop\erunt_setup.exe
[2011/09/06 04:01:50 | 000,283,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/06 03:15:33 | 000,718,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/06 03:15:33 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/06 03:15:33 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/05 09:23:21 | 004,192,529 | R--- | M] (Swearware) -- C:\Users\ALPIMAS\Desktop\ComboFix.exe
[2011/09/04 23:11:18 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\ALPIMAS\Desktop\aswMBR(1).exe
[2011/09/03 22:48:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\ALPIMAS\Desktop\OTL.exe
[2011/09/03 22:34:38 | 000,000,914 | ---- | M] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/03 21:04:19 | 000,001,460 | ---- | M] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat
[2011/08/25 22:26:39 | 003,654,276 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04648.JPG
[2011/08/25 22:26:32 | 003,681,259 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04604.JPG
[2011/08/25 22:26:27 | 001,466,942 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04595.JPG
[2011/08/25 22:26:18 | 001,468,710 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04354.JPG
[2011/08/25 22:24:37 | 003,706,199 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04054.JPG
[2011/08/25 22:24:31 | 001,471,513 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC04034.JPG
[2011/08/25 22:13:51 | 004,033,566 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC00596.JPG
[2011/08/25 22:13:43 | 002,297,734 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05470.JPG
[2011/08/25 22:13:29 | 003,782,800 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05401.JPG
[2011/08/25 22:13:22 | 003,019,984 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05388.JPG
[2011/08/25 22:13:05 | 003,814,192 | ---- | M] () -- C:\Users\ALPIMAS\Documents\DSC05371.JPG

========== Files Created - No Company Name ==========

[2011/09/07 22:27:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/07 22:27:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/07 22:27:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/07 22:27:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/07 22:27:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/06 22:17:55 | 000,000,945 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/06 22:17:51 | 000,000,765 | ---- | C] () -- C:\Users\ALPIMAS\Desktop\NTREGOPT.lnk
[2011/09/06 22:17:51 | 000,000,746 | ---- | C] () -- C:\Users\ALPIMAS\Desktop\ERUNT.lnk
[2011/09/06 13:15:01 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job
[2011/09/06 08:45:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/09/06 08:45:57 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/09/06 03:42:30 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2011/09/06 03:22:39 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\winrsmgr.dll
[2011/09/06 03:22:36 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\wsmplpxy.dll
[2011/09/06 03:22:36 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\winrssrv.dll
[2011/09/06 03:22:24 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\pwrshplugin.dll
[2011/09/06 03:22:22 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\winrs.exe
[2011/09/06 03:22:22 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\winrshost.exe
[2011/09/06 03:22:22 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\wsmprovhost.exe
[2011/09/06 03:22:19 | 000,232,960 | ---- | C] () -- C:\Windows\SysNative\wecsvc.dll
[2011/09/06 03:22:19 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wevtfwd.dll
[2011/09/06 03:22:19 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wecutil.exe
[2011/09/06 03:22:19 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\wecapi.dll
[2011/09/06 03:22:19 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\WsmRes.dll
[2011/09/06 03:22:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/09/06 03:22:16 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011/09/06 03:22:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/09/06 03:22:16 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011/09/06 03:22:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/09/06 03:22:16 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011/09/06 03:22:15 | 002,050,048 | ---- | C] () -- C:\Windows\SysNative\WsmSvc.dll
[2011/09/06 03:22:15 | 000,370,688 | ---- | C] () -- C:\Windows\SysNative\winrscmd.dll
[2011/09/06 03:22:15 | 000,352,768 | ---- | C] () -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2011/09/06 03:22:15 | 000,348,672 | ---- | C] () -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2011/09/06 03:22:15 | 000,310,272 | ---- | C] () -- C:\Windows\SysNative\WsmWmiPl.dll
[2011/09/06 03:22:15 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\WsmAuto.dll
[2011/09/06 01:15:46 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/09/06 01:15:46 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/09/06 01:15:46 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/09/06 01:15:46 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/09/06 01:15:46 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/09/06 01:15:46 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/09/06 01:15:45 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/09/06 01:15:45 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/09/06 01:15:45 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/09/06 01:15:45 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/09/06 01:15:45 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/09/06 01:15:44 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/09/06 01:15:43 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/09/06 01:15:43 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/09/06 01:15:43 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/09/06 01:15:42 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/09/06 01:15:41 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/09/06 01:15:41 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/09/06 01:15:41 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/09/06 01:15:40 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/09/06 01:15:39 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/09/06 01:15:39 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/09/06 01:15:38 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/09/06 01:15:38 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/09/06 01:04:48 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/09/06 00:50:01 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2011/09/06 00:49:15 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2011/09/06 00:48:55 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2011/09/06 00:48:52 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2011/09/06 00:48:32 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2011/09/06 00:42:29 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/09/06 00:42:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/09/06 00:42:20 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/09/06 00:42:17 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/09/06 00:42:17 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/09/06 00:42:17 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/09/06 00:42:13 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2011/09/06 00:42:07 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/09/06 00:42:07 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/09/06 00:41:48 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll
[2011/09/06 00:41:35 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2011/09/06 00:41:34 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll
[2011/09/06 00:41:22 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2011/09/06 00:41:15 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2011/09/06 00:40:41 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011/09/06 00:40:41 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011/09/06 00:40:40 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011/09/06 00:40:40 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011/09/06 00:40:40 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011/09/06 00:40:40 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011/09/06 00:40:40 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011/09/06 00:40:37 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2011/09/06 00:40:32 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2011/09/06 00:40:31 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe
[2011/09/06 00:40:19 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2011/09/06 00:28:29 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011/09/06 00:28:25 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2011/09/06 00:28:25 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll
[2011/09/06 00:28:25 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2011/09/06 00:28:25 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll
[2011/09/06 00:28:16 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2011/09/06 00:28:16 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2011/09/06 00:28:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2011/09/06 00:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2011/09/06 00:18:06 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2011/09/06 00:18:04 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/09/06 00:16:52 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2011/09/06 00:16:51 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll
[2011/09/06 00:15:45 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe
[2011/09/06 00:15:41 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/09/06 00:15:41 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2011/09/06 00:15:40 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/09/06 00:15:36 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2011/09/06 00:15:13 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2011/09/06 00:15:13 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2011/09/06 00:15:11 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011/09/06 00:15:10 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011/09/06 00:14:52 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2011/09/06 00:14:48 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011/09/06 00:14:48 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011/09/06 00:14:48 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011/09/06 00:14:44 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2011/09/06 00:14:44 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2011/09/06 00:14:44 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/09/06 00:14:43 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2011/09/06 00:14:43 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2011/09/04 23:18:20 | 376,226,746 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/03 22:34:38 | 000,000,914 | ---- | C] () -- C:\Users\ALPIMAS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/03 22:34:38 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/26 12:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager .INI
[2010/09/25 14:46:42 | 000,000,112 | ---- | C] () -- C:\ProgramData\Jy8atcgh5.dat
[2010/09/15 19:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/14 18:03:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/28 00:25:42 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2009/10/16 16:44:33 | 000,001,460 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps64.dat
[2009/09/28 15:44:33 | 000,000,109 | ---- | C] () -- C:\Windows\TmProxy.ini
[2009/06/20 12:26:37 | 000,024,226 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\UserTile.png
[2009/04/07 17:28:47 | 000,000,552 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d8caps.dat
[2009/01/21 00:00:03 | 000,005,962 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Roaming\wklnhst.dat
[2009/01/20 23:35:55 | 000,027,136 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 13:12:11 | 000,006,756 | ---- | C] () -- C:\Users\ALPIMAS\AppData\Local\d3d9caps.dat
[2009/01/19 23:13:41 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/01/19 23:13:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/01/19 23:13:41 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/01/19 23:13:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/01/19 23:13:41 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/01/19 23:13:41 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/01/19 23:13:41 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/01/19 23:13:41 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/01/19 23:13:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/01/19 23:13:41 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/01/19 23:13:41 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/01/19 23:13:41 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/01/19 23:13:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/01/19 23:13:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/01/19 23:10:31 | 000,000,079 | ---- | C] () -- C:\Windows\EPWF600.ini
[2008/12/30 07:09:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/12/30 07:09:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/12/30 06:42:45 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/12/30 06:42:45 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/12/30 06:42:45 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/12/30 05:51:20 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/09/05 19:16:36 | 000,233,216 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/09/05 19:16:36 | 000,059,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2008/09/05 19:16:20 | 000,087,296 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2008/07/07 16:42:52 | 000,028,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/02/21 21:21:37 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/28 20:02:37 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\Epson
[2010/06/26 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\FrostWire
[2009/01/19 23:20:45 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\Leadertech
[2010/01/10 15:06:18 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\ooVoo Details
[2010/06/22 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\oovootb
[2009/07/23 10:58:45 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\PeerNetworking
[2010/10/23 14:34:30 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\Template
[2011/09/07 22:25:39 | 000,000,000 | ---D | M] -- C:\Users\ALPIMAS\AppData\Roaming\WhiteSmokeTranslator
[2011/09/11 22:45:24 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/11 22:56:00 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{830A53C7-A521-4EFD-8571-D3AB6FDC631D}.job
[2011/09/11 22:57:20 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C49DCAFF-9550-4809-B387-0A17B44F2D64}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/09/21 18:42:59 | 000,025,470 | ---- | M] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt
[2010/09/21 18:42:58 | 000,025,470 | ---- | C] ()(C:\Users\ALPIMAS\Documents\Hmph ?.txt) -- C:\Users\ALPIMAS\Documents\Hmph ♥.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >