Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

removing "trojan win64/sirefef.b" causes windows 7 to not star


  • This topic is locked This topic is locked

#1
rotccapt

rotccapt

    New Member

  • Member
  • Pip
  • 9 posts
hello i am working on my inlaws computer and it is having multiple problems, random redirects, pop ups and unusual performance. also windows firewall is disabled and i get error code 0x80070424 when i try to turn it on. also ocasionaly i get a pop up that apears to be part of a security software but i can not open the program it just gives me the option to rescan, fix errors. they had mcafee at one point but the program can not be found in the start menu but the folder still exists in c: program files. i installed malware bites and it found 5 threats and claimes to have sucsessfully fixed these. i also installed microsoft security essentials and it found multiple threats and removed all but one "win64/sirefef.b" when i remove this threat it requests a restart and then will not load windows. i have to restore to a previous point to get the computer back up and running just to go back through the same dance if i try to remove it again.

i will have access to the computer till May 21 2012 so if i could get help before then i would apreciate it. thank you for your help.

here is the last log from malwarebites

Malwarebytes' Anti-Malware 1.44
Database version: 3610
Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/15/2012 3:09:01 PM
mbam-log-2012-05-15 (15-09-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 503599
Time elapsed: 1 hour(s), 55 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\SysWOW64\%appdata%\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\SysWOW64\%appdata%\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

and OTL

OTL logfile created on: 5/15/2012 8:09:14 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\david\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 62.83% Memory free
7.75 Gb Paging File | 5.88 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 78.21 Gb Free Space | 17.24% Space Free | Partition Type: NTFS
Drive D: | 11.94 Gb Total Space | 2.17 Gb Free Space | 18.20% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/15 20:08:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\david\Downloads\OTL.exe
PRC - [2012/01/19 10:18:33 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/10/25 10:59:16 | 000,244,960 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 03:24:45 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll
MOD - [2012/04/12 03:24:25 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/04/12 03:24:21 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll
MOD - [2012/04/04 20:52:24 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/02/15 04:29:41 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/15 04:25:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 04:25:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 04:25:05 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/02/15 04:24:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/15 04:24:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/15 04:24:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/15 04:24:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/13 03:25:41 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a3f989a61ab0468876629134c49514b2\UIAutomationTypes.ni.dll
MOD - [2011/10/13 03:25:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/07/03 10:50:29 | 000,181,248 | -H-- | M] () -- C:\Program Files (x86)\Play Pickle\pptl.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/30 00:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/02 18:42:36 | 000,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/03/27 14:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/10/25 10:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 16:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/08/13 16:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/08/19 16:47:48 | 000,051,744 | -H-- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XS64Ex.sys -- (X5XS64Ex)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{5BA5F6EE-0B24-4C4E-B239-9258741550EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{5BA5F6EE-0B24-4C4E-B239-9258741550EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {379290B3-8C7E-4127-921C-5C3C3371BE62}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{379290B3-8C7E-4127-921C-5C3C3371BE62}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{55CD823B-57C9-4386-AE62-23A6B673BE66}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{5BA5F6EE-0B24-4C4E-B239-9258741550EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNTM_en
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKCU\..\SearchScopes\{DDE0AF19-47DE-4867-86C6-D9F9B135E684}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Play Pickle Text) - {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll ()
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files (x86)\Family Toolbar\mhxpcomi.dll ()
O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC MightyMax 2010 Tray Icon] C:\Program Files (x86)\PC MightyMax 2010\TrayIcon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF4B6D31-8A27-4C04-9896-4C32350A8C15}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\mhtb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\rebinfo - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files (x86)\Family Toolbar\mhxpcomi.dll ()
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{052c784a-09b3-11df-9b64-90e6baa526bf}\Shell - "" = AutoRun
O33 - MountPoints2\{052c784a-09b3-11df-9b64-90e6baa526bf}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/05/15 20:06:42 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\virus fixing
[2012/05/15 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{3143E9B7-A263-4BC6-BC9F-6B91B4143C42}
[2012/05/15 19:53:59 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{23161939-FC30-452C-9C68-E0B3A32C18A8}
[2012/05/15 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{E5032266-DFDE-4B50-9212-5DCAE13414F1}
[2012/05/15 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{F7F3B2EC-C3B8-405C-8219-0F5E6C29CB0B}
[2012/05/15 18:05:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/05/15 17:28:40 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{3F7968D4-D306-4DA2-9821-ABDB071BCED7}
[2012/05/15 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{9B07421D-766A-4F9E-B29D-161A386ABF32}
[2012/05/15 17:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/15 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/15 16:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/15 16:55:28 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\TestApp
[2012/05/15 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{240206B3-680E-4D81-854A-CC8CFA464F0D}
[2012/05/15 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{EF491E3D-3F3F-407A-9E05-9B90D0253CD2}
[2012/05/15 16:31:41 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{F32AF9D6-7C47-4076-853C-DE2EC7ACE665}
[2012/05/15 16:31:25 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{0B102CE1-EB1B-4761-B012-F3E856FB4834}
[2012/05/15 16:05:17 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{CA285B2F-4909-4C0E-AEE8-E191DD9E1718}
[2012/05/15 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{76C5FE3C-0073-4853-8017-37FB97FE4F91}
[2012/05/15 15:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2012/05/15 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{10BAFA4E-D63D-4ED9-B164-0412A80FDEBD}
[2012/05/15 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{0429431D-C820-43DF-8FA4-46849C753B6E}
[2012/05/15 12:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/15 12:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/15 12:18:58 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{A421E472-05D8-40BA-A062-79FCF6E0D831}
[2012/05/15 12:18:42 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Apple Computer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/15 19:59:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 19:59:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 19:56:33 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/15 19:56:33 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/15 19:56:33 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/15 19:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/05/15 19:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/05/15 19:52:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/15 19:52:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/15 19:52:07 | 3119,374,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 18:54:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordavid.job
[2012/05/15 15:57:27 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2012/05/15 15:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/05/15 15:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/05/15 15:37:11 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/05/15 15:37:11 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForlynne.job
[2012/05/13 03:00:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/13 03:00:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/05/13 03:00:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/05/13 03:00:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/05/13 03:00:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/05/13 03:00:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/05/13 03:00:19 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/05/13 03:00:19 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/05/13 03:00:19 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/05/13 03:00:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/05/13 03:00:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/05/13 03:00:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/05/12 20:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/05/12 20:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/05/12 19:45:09 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/05/12 19:45:09 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/05/12 18:03:43 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for LYNNE.job
[2012/05/12 17:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/05/12 17:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/05/12 17:20:21 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/05/12 17:20:21 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/05/12 17:20:21 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/05/12 17:20:21 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/05/12 17:20:21 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/05/12 17:20:21 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/05/12 12:57:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/05/12 12:57:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/04/30 10:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/15 17:37:33 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFordavid.job
[2012/05/15 15:57:27 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/15 15:57:27 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2012/01/27 14:47:58 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~EtOodXBa27igN5
[2012/01/27 14:47:58 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~EtOodXBa27igN5r
[2012/01/27 14:47:53 | 000,000,344 | -H-- | C] () -- C:\ProgramData\EtOodXBa27igN5
[2012/01/02 12:04:52 | 000,008,936 | -HS- | C] () -- C:\ProgramData\0vhak66pl0tc4kamv01vl858567g0m1175qc44co54q10
[2011/12/25 10:42:44 | 000,009,468 | -HS- | C] () -- C:\ProgramData\2qol718xakttsfuu0sonc613pl7t7
[2011/12/24 18:07:08 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\HDtt52.com
[2011/12/22 16:42:13 | 000,011,420 | -HS- | C] () -- C:\ProgramData\0v7s8tt7nfpx28154a
[2011/12/17 00:19:30 | 000,011,932 | -HS- | C] () -- C:\ProgramData\lpimos2h3dbd2qke1jux3u611j6e
[2011/04/06 23:30:39 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~54255368r
[2011/04/06 23:30:39 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~54255368
[2011/04/06 23:30:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\54255368
[2011/04/06 23:30:34 | 000,479,232 | -H-- | C] () -- C:\ProgramData\54255368.exe
[2011/04/06 23:17:02 | 000,080,898 | -H-- | C] () -- C:\ProgramData\Vh4aq812.exe
[2011/04/06 23:16:51 | 000,000,112 | -H-- | C] () -- C:\ProgramData\TQK4c3K0.dat
[2011/04/06 23:13:52 | 000,548,864 | -H-- | C] () -- C:\ProgramData\VMoQecwufX .exe
[2011/04/06 23:13:52 | 000,126,980 | -H-- | C] () -- C:\ProgramData\VMoQecwufX.exe
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E81E58FA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:6DA18708
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:67F0F865
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:AA857467

< End of report >



OTL Extras logfile created on: 5/15/2012 8:09:14 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\david\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 62.83% Memory free
7.75 Gb Paging File | 5.88 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 78.21 Gb Free Space | 17.24% Space Free | Partition Type: NTFS
Drive D: | 11.94 Gb Total Space | 2.17 Gb Free Space | 18.20% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BAE8A1-87EE-4B18-A1A0-6F388F319106}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{09400038-4FC3-4D78-A48F-91566F936EF4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{262695A0-E901-4CC4-B605-5302E1F83AEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2843FD7E-AF70-46B5-9032-48BE8AFB5725}" = rport=138 | protocol=17 | dir=out | app=system |
"{3720B4D4-DBA7-44CA-89DE-77AD805A7988}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A3734E6-02DE-43F7-9F88-A6DECC346EE9}" = lport=445 | protocol=6 | dir=in | app=system |
"{6D2DDA66-0FE9-42F6-B982-8FDB2387B546}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7061656E-982B-4E88-8818-023F3F63FA78}" = lport=137 | protocol=17 | dir=in | app=system |
"{85F5A008-149A-4D83-82B3-2D24F97DA7AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8E0321E3-4AAC-4DC3-8A06-AEB57ED68E23}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8E33551C-1D33-4FC5-966D-DEDBC796E16A}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F581F3B-91CA-435B-87CC-89169BD8DFFD}" = rport=139 | protocol=6 | dir=out | app=system |
"{9025116A-CEA0-460E-99E5-83D69EACD931}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{983F4805-1070-41F2-83D4-864CAC1B0386}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AA884AD-AF62-4F75-BAC1-21188ED65578}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C517963-D017-4E7E-A69E-2C0CD5499DBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3818339-492A-495B-90B0-F97589E2B4CE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BEF6F7F7-3DE8-4C5A-9CFF-D6BBE50127EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{C0FB3873-E284-45C8-BA85-64B5899E78DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1AEFF54-7D74-4BB6-9920-69091C0C3887}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7F9F48F-DB43-468B-A8A3-41F237418C95}" = lport=138 | protocol=17 | dir=in | app=system |
"{CCFF9E77-1959-417D-A123-8C7E5AEFF8E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{D89C858D-E56F-4349-8051-24E38F0F19C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EC4582E9-AA93-4952-9916-7D0C44781EDB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F10A01F1-2379-4633-AD0D-85570A1E0E2E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F8836B21-782F-4581-BA35-005CDD24D068}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E6FBCD-8E51-447D-835B-B8D202AC0C41}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0808D8D5-6798-43C6-9522-FE491ECB5DCF}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{14A21058-4CAD-4245-9083-8577AB43B01B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{180ADF58-B0B7-41AC-957C-4685B5D272AA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{19BD40F0-6BED-4BE5-B0D8-2D3D430FA7EF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{28C108F0-CAD1-443E-8922-773C3DCEA50A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2903B411-344C-42BD-841D-884E6976939B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E12CA57-B509-47BF-AECE-BE26847A9534}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{31D05D10-E717-4177-B4D8-90299F677A49}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{3D7E2368-2CDE-47D7-8C58-D3B791FE0839}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{45EBD322-FCD3-4AEB-AF07-9AAE503E43C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B032A36-9A29-40FE-8C2D-1419AD4C4027}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B3A1371-9DE3-46EA-94B1-318BF14C7A3A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{4CB8F826-B699-44B5-97C8-9C7BD5BE8224}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CF27746-1643-4394-938D-A9F649A1503D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{4F658127-CD70-4417-9903-C6C43DE0BB81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{5436247D-8D5E-4975-9B73-FA97BB06531E}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{587A41A5-65D7-4101-8939-03977AD5283A}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{5DD9DC99-59C9-46F9-8F53-C8314912201B}" = protocol=6 | dir=out | app=system |
"{632AB616-E457-4C60-8629-A47AA44457D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F7B3980-ACA8-4424-85D6-36D6DFC4323D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7073D23D-F8DE-4E38-A547-1494E12B5EC7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{756E71CA-2384-4386-B7E9-13BD8F7CEDC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{7C5C9DC7-6041-4AED-8FCC-01B889C65202}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\7zs9bc2.tmp\symnrt.exe |
"{81228447-6CB9-4367-80AD-EB8634A8258B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87E12A4A-CB22-4F4E-BE78-15C2CAC8988A}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{89EC2BC4-34B2-4ECD-9BC6-46AA670EF3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{8A4B69D3-DDD3-4E83-902D-12FDB901E63B}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{90B6E246-E52D-4C24-8DE8-810F415B5B9E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{9A32709B-2F27-4FCC-88EE-BD5731235833}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9A8CAD57-E84E-4EFB-B2FD-41809D76A3E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{9D52BABA-C87E-4B08-9C16-B8E0EE603FB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D7EC0FD-F076-40E3-9859-6883F64AFF7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B069969E-381E-4A0E-953B-15B570A25F6C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{B06FD065-8FF1-4148-B423-43AE4582740E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{BAEAF8B0-096B-4285-9612-22A7245C9E6F}" = protocol=1 | dir=out | [email protected],-28544 |
"{BF25652A-95CF-4258-950F-1FE7AC7ABC97}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{C0924419-F433-4972-9DCB-97E743669FA5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C181F9C1-EAAC-45BB-848C-37B2A86062C2}" = protocol=58 | dir=out | [email protected],-28546 |
"{C7740DC8-8377-485D-B662-8D0DF8CAA5FD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CDE4050F-2A30-4255-8802-9F064C3B75EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2774BC6-EEEB-4316-8E6D-AB3D2A129020}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D6B37156-020C-44DA-8B8D-D643091AF4FC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{DD9A3E8B-78A7-4CAE-8166-0D67A6A0038F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E407A625-5E31-49C2-9113-53926CCA069D}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{E6443E7C-33E1-432C-9016-8F5FB39BF8FE}" = protocol=1 | dir=in | [email protected],-28543 |
"{E8E14C37-D56D-4594-ABD0-28DE87F51407}" = protocol=58 | dir=in | [email protected],-28545 |
"{EB6ACB70-780C-4AF4-AC80-E5413E5876DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDC02499-914C-49B1-8A34-5E606622A61C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{F1082E94-E6D8-4D1D-94FE-6B465E8662FE}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{F913B2CB-5FD6-4B7A-9236-1DD13741BDB6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F94B434F-5CC5-4737-9736-E0FB838E4843}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{FCD1C249-AE1F-4E91-91BA-E2D8BFB2135A}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\7zs9bc2.tmp\symnrt.exe |
"{FD0B659E-8685-4E08-BF71-3E3268C46914}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{FD1D957A-48E4-4BCF-A714-61C9E4650351}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1A198277-EE11-45E6-ADFD-5C1D71704531}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{42E9A456-4729-4157-9A58-612B2FA5CF04}C:\users\lynne\appdata\roaming\momo\caiks.exe" = protocol=6 | dir=in | app=c:\users\lynne\appdata\roaming\momo\caiks.exe |
"TCP Query User{4608FF36-1000-42B4-B663-A414AB93DEC9}C:\users\public\hex-5823-6893-6818\jusched.exe" = protocol=6 | dir=in | app=c:\users\public\hex-5823-6893-6818\jusched.exe |
"TCP Query User{4FEF556C-739B-47F5-9834-6221C2218BF9}C:\users\lynne\appdata\local\temp\gutkfa.exe" = protocol=6 | dir=in | app=c:\users\lynne\appdata\local\temp\gutkfa.exe |
"TCP Query User{64DFF8C5-9924-4366-8FB4-A72E92B2EF40}C:\windows\temp\temp2019185512642122.exe" = protocol=6 | dir=in | app=c:\windows\temp\temp2019185512642122.exe |
"TCP Query User{73B9FB4B-3046-476C-A52B-9F0AB93DEE17}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{C2626068-9197-4BF6-B6CA-24DF0DEDFEE7}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{D89A5E52-E79D-4287-A59E-25727FD4DED7}C:\users\lynne\appdata\local\temp\akeq.exe" = protocol=6 | dir=in | app=c:\users\lynne\appdata\local\temp\akeq.exe |
"UDP Query User{055D27C5-F18E-434A-BCE4-3E7FE2B811CE}C:\users\public\hex-5823-6893-6818\jusched.exe" = protocol=17 | dir=in | app=c:\users\public\hex-5823-6893-6818\jusched.exe |
"UDP Query User{1ED059A0-A02C-4112-BCAD-249A43A04761}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{285EDA08-58D8-4BEA-B8F4-5EF48EF35DEB}C:\windows\temp\temp2019185512642122.exe" = protocol=17 | dir=in | app=c:\windows\temp\temp2019185512642122.exe |
"UDP Query User{2D28EDB0-E045-4FB0-8AA1-3213E4917AFA}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{545644B2-DA94-43CC-AA76-3ABCB3781B7F}C:\users\lynne\appdata\local\temp\akeq.exe" = protocol=17 | dir=in | app=c:\users\lynne\appdata\local\temp\akeq.exe |
"UDP Query User{69A710D2-C9E3-4322-81BC-D7755D885862}C:\users\lynne\appdata\roaming\momo\caiks.exe" = protocol=17 | dir=in | app=c:\users\lynne\appdata\roaming\momo\caiks.exe |
"UDP Query User{BFBEEDB1-9515-47FC-98A0-F16AA17E366A}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{D4922AE6-4C97-4546-90BA-BD80FC2C393A}C:\users\lynne\appdata\local\temp\gutkfa.exe" = protocol=17 | dir=in | app=c:\users\lynne\appdata\local\temp\gutkfa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{59B4B93D-FC47-4F16-AE8E-CD103F022654}" = Microsoft Security Essentials
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF48631A-7F45-430A-8AD3-B41CFB1D7596}" = HP Deskjet 2050 J510 series Product Improvement Study
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{088423A3-62AF-47AD-A143-C4FBA46C52D8}" = W Photo Studio
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9D76EFC-F231-4DB4-AEF5-7C76241241F1}_is1" = Family Feud
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"am-doubleplayfamilyfeudtmiii" = Double Play - Family Feud™ I & II
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy 2" = Cooking Academy 2 (remove only)
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"dh3" = Deer Hunter 3
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"Express" = Express Dictate
"Family Feud™ II" = Family Feud™ II (remove only)
"Family Toolbar" = Family Toolbar
"Free_Ride_Games Toolbar" = Free_Ride_Games Toolbar
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"iWin Toolbar" = iWin Toolbar
"iWinArcade" = iWin Games (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"NSS" = Norton Security Scan
"Play Pickle" = Play Pickle
"PROR" = Microsoft Office Professional 2007 Trial
"Scribe" = Express Scribe
"Silent Hunter II" = Silent Hunter II
"StartNow Toolbar" = StartNow Toolbar
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Tropical Farm" = Tropical Farm (remove only)
"VLC Player" = VLC Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zynga Toolbar" = Zynga Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, rotccapt! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.



Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 2.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
    IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
    IE - HKCU\..\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Play Pickle Text) - {02F0243C-2E71-4a1a-A790-6C30888119D0} - C:\Program Files (x86)\Play Pickle\pptl.dll ()
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
    O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Inbox.com, Inc.)
    O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
    O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files (x86)\iWin\tbiWin.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [PC MightyMax 2010 Tray Icon] C:\Program Files (x86)\PC MightyMax 2010\TrayIcon.exe ()
    O4 - HKLM..\Run: [] File not found
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O33 - MountPoints2\{052c784a-09b3-11df-9b64-90e6baa526bf}\Shell - "" = AutoRun
    O33 - MountPoints2\{052c784a-09b3-11df-9b64-90e6baa526bf}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    [2012/01/27 14:47:58 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~EtOodXBa27igN5
    [2012/01/27 14:47:58 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~EtOodXBa27igN5r
    [2012/01/27 14:47:53 | 000,000,344 | -H-- | C] () -- C:\ProgramData\EtOodXBa27igN5
    [2012/01/02 12:04:52 | 000,008,936 | -HS- | C] () -- C:\ProgramData\0vhak66pl0tc4kamv01vl858567g0m1175qc44co54q10
    [2011/12/25 10:42:44 | 000,009,468 | -HS- | C] () -- C:\ProgramData\2qol718xakttsfuu0sonc613pl7t7
    [2011/12/24 18:07:08 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\HDtt52.com
    [2011/12/22 16:42:13 | 000,011,420 | -HS- | C] () -- C:\ProgramData\0v7s8tt7nfpx28154a
    [2011/12/17 00:19:30 | 000,011,932 | -HS- | C] () -- C:\ProgramData\lpimos2h3dbd2qke1jux3u611j6e
    [2011/04/06 23:30:39 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~54255368r
    [2011/04/06 23:30:39 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~54255368
    [2011/04/06 23:30:35 | 000,000,336 | -H-- | C] () -- C:\ProgramData\54255368
    [2011/04/06 23:30:34 | 000,479,232 | -H-- | C] () -- C:\ProgramData\54255368.exe
    [2011/04/06 23:17:02 | 000,080,898 | -H-- | C] () -- C:\ProgramData\Vh4aq812.exe
    [2011/04/06 23:16:51 | 000,000,112 | -H-- | C] () -- C:\ProgramData\TQK4c3K0.dat
    [2011/04/06 23:13:52 | 000,548,864 | -H-- | C] () -- C:\ProgramData\VMoQecwufX .exe
    [2011/04/06 23:13:52 | 000,126,980 | -H-- | C] () -- C:\ProgramData\VMoQecwufX.exe
    
    
    
    :files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    c:\users\david\appdata\local\temp\7zs9bc2.tmp\symnrt.exe
    c:\users\lynne\appdata\local\temp\gutkfa.exe
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.


Step 4.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports

    Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 5.

Please post:

All RkReport.txt files
OTL fix log
Combofix.txt
TDSSKiller log



Please give me an update on the computer issues.
  • 0

#3
rotccapt

rotccapt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
thank you for the fast reply

here are the requested reports. as an observation after the restart from combofix the computer was running a bit faster than it was and the internet loaded alot faster.



RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: david [Admin rights]
Mode: Scan -- Date: 05/15/2012 22:42:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKS-65V0A SCSI Disk Device +++++
--- User ---
[MBR] 95c5eb03e79127a743656b9a4fca268a
[BSP] b5f924c6a6e962d4d1dede7870d9e459 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464611 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951730176 | Size: 12227 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: david [Admin rights]
Mode: Remove -- Date: 05/15/2012 22:42:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKS-65V0A SCSI Disk Device +++++
--- User ---
[MBR] 95c5eb03e79127a743656b9a4fca268a
[BSP] b5f924c6a6e962d4d1dede7870d9e459 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464611 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951730176 | Size: 12227 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: david [Admin rights]
Mode: Remove -- Date: 05/15/2012 22:43:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKS-65V0A SCSI Disk Device +++++
--- User ---
[MBR] 95c5eb03e79127a743656b9a4fca268a
[BSP] b5f924c6a6e962d4d1dede7870d9e459 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464611 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951730176 | Size: 12227 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: david [Admin rights]
Mode: Scan -- Date: 05/15/2012 22:44:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKS-65V0A SCSI Disk Device +++++
--- User ---
[MBR] 95c5eb03e79127a743656b9a4fca268a
[BSP] b5f924c6a6e962d4d1dede7870d9e459 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464611 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951730176 | Size: 12227 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
C:\Program Files (x86)\Zynga\tbZyng.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ce0c2586-da36-452b-acdb-320d9bcb19bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ deleted successfully.
C:\Program Files (x86)\iWin\tbiWin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ deleted successfully.
C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ce0c2586-da36-452b-acdb-320d9bcb19bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ not found.
File C:\Program Files (x86)\iWin\tbiWin.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
File C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0\ deleted successfully.
C:\Program Files (x86)\Free Ride Games\npExentCtl.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F0243C-2E71-4a1a-A790-6C30888119D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0}\ deleted successfully.
C:\Program Files (x86)\Play Pickle\pptl.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files (x86)\Zynga\tbZyng.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABD3B5E1-B268-407B-A150-2641DAB8D898}\ deleted successfully.
C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}\ deleted successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}\ deleted successfully.
C:\Program Files (x86)\RebateInformer\RebateI.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ not found.
File C:\Program Files (x86)\iWin\tbiWin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
File C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files (x86)\Zynga\tbZyng.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}\ deleted successfully.
File C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ce0c2586-da36-452b-acdb-320d9bcb19bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\ not found.
File C:\Program Files (x86)\iWin\tbiWin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f92a9fe4-2850-4198-b9d5-279880e49b16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
File C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
File C:\Program Files (x86)\Zynga\tbZyng.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}\ not found.
File C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}\ not found.
File C:\Program Files (x86)\iWin\tbiWin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F92A9FE4-2850-4198-B9D5-279880E49B16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F92A9FE4-2850-4198-B9D5-279880E49B16}\ not found.
File C:\Program Files (x86)\Free_Ride_Games\tbFre1.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PC MightyMax 2010 Tray Icon deleted successfully.
C:\Program Files (x86)\PC MightyMax 2010\TrayIcon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{052c784a-09b3-11df-9b64-90e6baa526bf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{052c784a-09b3-11df-9b64-90e6baa526bf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{052c784a-09b3-11df-9b64-90e6baa526bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{052c784a-09b3-11df-9b64-90e6baa526bf}\ not found.
File J:\LaunchU3.exe -a not found.
C:\ProgramData\~EtOodXBa27igN5 moved successfully.
C:\ProgramData\~EtOodXBa27igN5r moved successfully.
C:\ProgramData\EtOodXBa27igN5 moved successfully.
C:\ProgramData\0vhak66pl0tc4kamv01vl858567g0m1175qc44co54q10 moved successfully.
C:\ProgramData\2qol718xakttsfuu0sonc613pl7t7 moved successfully.
C:\Windows\SysWOW64\HDtt52.com moved successfully.
C:\ProgramData\0v7s8tt7nfpx28154a moved successfully.
C:\ProgramData\lpimos2h3dbd2qke1jux3u611j6e moved successfully.
C:\ProgramData\~54255368r moved successfully.
C:\ProgramData\~54255368 moved successfully.
C:\ProgramData\54255368 moved successfully.
C:\ProgramData\54255368.exe moved successfully.
C:\ProgramData\Vh4aq812.exe moved successfully.
C:\ProgramData\TQK4c3K0.dat moved successfully.
C:\ProgramData\VMoQecwufX .exe moved successfully.
C:\ProgramData\VMoQecwufX.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\david\Downloads\cmd.bat deleted successfully.
C:\Users\david\Downloads\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
File\Folder c:\users\david\appdata\local\temp\7zs9bc2.tmp\symnrt.exe not found.
File\Folder c:\users\lynne\appdata\local\temp\gutkfa.exe not found.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: amanda

User: AppData

User: dad

User: dad.david-PC
->Temp folder emptied: 141123126 bytes
->Temporary Internet Files folder emptied: 242716223 bytes
->Java cache emptied: 30263632 bytes
->Google Chrome cache emptied: 6817824 bytes
->Flash cache emptied: 37361 bytes

User: david
->Temp folder emptied: 43431996 bytes
->Temporary Internet Files folder emptied: 58192431 bytes
->Java cache emptied: 15736432 bytes
->Flash cache emptied: 2766 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: face book
->Temp folder emptied: 3182969 bytes
->Temporary Internet Files folder emptied: 46739373 bytes
->Flash cache emptied: 1483 bytes

User: lynne

User: Lynne.david-PC
->Temp folder emptied: 223714679 bytes
->Temporary Internet Files folder emptied: 433773714 bytes
->Java cache emptied: 547064930 bytes
->Flash cache emptied: 83663 bytes

User: lynne.david-PC.000
->Temp folder emptied: 87573809 bytes
->Temporary Internet Files folder emptied: 292354669 bytes
->Java cache emptied: 56176220 bytes
->Flash cache emptied: 26503 bytes

User: Public

User: qw
->Temp folder emptied: 8107293 bytes
->Temporary Internet Files folder emptied: 280130659 bytes
->Java cache emptied: 19002053 bytes
->Google Chrome cache emptied: 11022864 bytes
->Flash cache emptied: 17751 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 636092528 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1700 bytes

Total Files Cleaned = 3,036.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05152012_230118

Files\Folders moved on Reboot...
C:\Users\david\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QF5RJLO1\fastbutton[1].htm moved successfully.
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\-q1.health_l-q1.fam_l-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=77921;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\-q1.health_m-q1.fam_m-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=947991;contx=hg;dc=w;btg=q1.hg_l;btg=q1.auto_m;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\1.health_l-q1.fam_l-cm.polit_l;;cmw=owl;sz=160x600;net=q1;ord1=320146;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\ealth_l-q1.fam_m-cm.polit_l;;cmw=owl;sz=300x250;net=q1;ord1=917336;contx=health;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\ealth_m-q1.fam_m-cm.polit_l;;cmw=owl;sz=300x250;net=q1;ord1=203068;contx=educat;dc=w;btg=q1.hg_m;btg=q1.auto_m;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\health_m-q1.fam_m-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=718989;contx=sports;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_m;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1309918791&output=json&jsonp_callback=nscrSetNumComments9[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312900377&output=json&jsonp_callback=nscrSetNumComments3[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312922476&output=json&jsonp_callback=nscrSetNumComments0[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHM2MAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHMyMAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VR6WP51S\u=,q1-10110949209_1312990312,121d81128e01372,auto,q1.hg_l-q1.auto_l;;cmw=owl;sz=728x90;net=q1;ord1=225451;contx=auto;dc=w;btg=q1.hg_l;btg=q1.auto_l;ord=1312990309[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\21804650_1312990336,121d81128e01372,sports,q1.hg_l-q1.auto_l-q1.sports_l;;cmw=owl;sz=160x600;net=q1;ord1=245249;contx=sports;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\AUW-whkxxLA2Is7Esp16TvGdkHzz75iWdeheO3kEHTXy_NJAAuEh5jGc4rdrFQ92HWnmXzA-1lJrUnZ6-wcK48ROywgVjVxEtOHnWSXWPespu6Fd3A6gE0hIx_EDCzgMauPrJZ2PGoHWltkJ3MLwj18p1dXxRMG1w[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\ealth_l-q1.fam_m-cm.polit_l;;cmw=owl;sz=160x600;net=q1;ord1=199175;contx=health;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\ealth_m-q1.fam_m-cm.polit_l;;cmw=owl;sz=300x250;net=q1;ord1=329769;contx=sports;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\l-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=437953;contx=educat;dc=w;btg=q1.hg_m;btg=q1.auto_m;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=q1.educat_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\l-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=956678;contx=educat;dc=w;btg=q1.hg_m;btg=q1.auto_m;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=q1.educat_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312901167&output=json&jsonp_callback=nscrSetNumComments4[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312916393&output=json&jsonp_callback=nscrSetNumComments6[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\polit_l;;cmw=owl;sz=300x250;net=q1;ord1=935980;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_l;btg=cm.polit_l;ord=1312990570[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\q1.health_l-q1.fam_m-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=486027;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHM3MAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHM5MAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHMzMAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\yNDMwNjM4OQRjYXQDbWRiBGNkbgMEcGcDBHBsX3MDBHBscl9zA2FUN1FESG1nR25tV2hTcHFEanltbksEcmQDdmlkZW8ueWFob28uY29tLW9mZnNpdGUEc2VjA3BiBHNpZAMEc2xrA3BsBHZpZAMyNjIzNDcxOA--[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SQXENTQH\yNDMwNjM4OQRjYXQDbWRiBGNkbgMEcGcDBHBsX3MDBHBscl9zA2FUN1FESG1nR25tV2hTcHFEanltbksEcmQDdmlkZW8ueWFob28uY29tLW9mZnNpdGUEc2VjA3BiBHNpZAMEc2xrA3BzLTEEdmlkAzI2MjM0NzE4[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\.polit_l;;cmw=owl;sz=300x250;net=q1;ord1=267499;contx=hg;dc=w;btg=q1.hg_l;btg=q1.auto_m;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=cm.polit_l;ord=1312990618[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=379441;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm.polit_l;ord=1312990596[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\1.health_l-q1.fam_l-cm.polit_l;;cmw=owl;sz=160x600;net=q1;ord1=602734;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\1.health_m-q1.fam_m-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=149616;contx=auto;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\128e01372,health,q1.hg_l-q1.auto_l-q1.sports_l-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=328361;contx=health;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\dqGwQDGZxYF46KUF8930fu497d4yDWxdiSJA2TY0-XWc5hFoxWtWKtPb_K2qACf_kWKwTyCRFJDjTKWIF5YI2qbY9Psa9_-hwm6fx2HRa48QDmfyEJiiAPS4t5AaRHH4lnKYFxejaaDEu0YG4QJvihZoTZUd5LFXU[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\e%25253D1%252526wid%25253D100%252526imgType%25253D0%252526refPub%25253D322%252526prs%25253Dfalse%252526scp%25253Dfalse%252526version%25253D42137%252526idx%25253D0[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312829495&output=json&jsonp_callback=nscrSetNumComments7[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312830397&output=json&jsonp_callback=nscrSetNumComments5[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\olit_l;;cmw=owl;sz=300x250;net=q1;ord1=827453;contx=auto;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=cm.polit_l;ord=1312990613[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHM0MAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHM4MAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHMwBHZpZAMyNjIzNDcxOA--[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHMxMDAEdmlkAzI2MjM0NzE4[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\uto_l-q1.sports_l-q1.health_l-cm.polit_l;;cmw=owl;sz=300x250;net=q1;ord1=985055;contx=health;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\K309B1SY\yNDMwNjM4OQRjYXQDbWRiBGNkbgMEcGcDBHBsX3MDBHBscl9zA2FUN1FESG1nR25tV2hTcHFEanltbksEcmQDdmlkZW8ueWFob28uY29tLW9mZnNpdGUEc2VjA3BiBHNpZAMEc2xrA2xkBHZpZAMyNjIzNDcxOA--[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\-cm.polit_l;;cmw=owl;sz=160x600;net=q1;ord1=467299;contx=educat;dc=w;btg=q1.hg_m;btg=q1.auto_m;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=q1.educat_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\.health_l-cm.polit_l;;cmw=owl;sz=300x250;net=q1;ord1=924072;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=cm.polit_l;ord=1312990485[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\09403959_1312990335,121d81128e01372,sports,q1.hg_l-q1.auto_l-q1.sports_l;;cmw=owl;sz=300x250;net=q1;ord1=203797;contx=sports;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\1.health_l-q1.fam_m-cm.polit_l;;cmw=owl;sz=160x600;net=q1;ord1=624357;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\104779226_1312990337,121d81128e01372,sports,q1.hg_l-q1.auto_l-q1.sports_l;;cmw=owl;sz=728x90;net=q1;ord1=946845;contx=sports;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\3cpgj6dhi.ver.32.app.62dhh6thj8cb3.ver.27.app.64p33climcphh.ver.18.app.66c1j6ph68ohn.ver.10.app.66c9i6pj32d33.ver.10.app.6ae32cgp68pb6.ver.19.app.6cdj26sq3cdb6.ver[1].8 not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\;net=cm;u=,cm-10219153438_1312990490,121d81128e01372,polit,ax.80-cm.polit_l;;cmw=owl;sz=160x600;net=cm;env=ifr;ord1=116767;dcopt=ist;contx=polit;an=80;dc=w;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\;net=cm;u=,cm-10309900149_1312990574,121d81128e01372,polit,ax.80-cm.polit_l;;cmw=owl;sz=160x600;net=cm;env=ifr;ord1=541077;dcopt=ist;contx=polit;an=80;dc=w;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\auto_l-q1.sports_l-q1.health_l-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=458206;contx=health;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\health_l-q1.fam_m-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=257495;contx=health;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\l-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=527596;contx=educat;dc=w;btg=q1.hg_m;btg=q1.auto_m;btg=q1.sports_m;btg=q1.health_m;btg=q1.fam_m;btg=q1.educat_l;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\m_replies&maxHoursOld=250&sortOrder=DESC&num=5&viewOptions=num_replies&useSphinx=true&viewOptions=attachedcontent&output=json&jsonp_callback=nscrSetMostCommented[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312828922&output=json&jsonp_callback=nscrSetNumComments8[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312913017&output=json&jsonp_callback=nscrSetNumComments2[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\nodeID=219453&devkey=nascarClient-057763283c48e76cc4421380a0c0145d&ecPartnerID=81&ecType=story&ecXrefID=1312920022&output=json&jsonp_callback=nscrSetNumComments1[1].htm not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\polit_l;;cmw=owl;sz=300x250;net=q1;ord1=694046;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm.polit_l;ord=1312990596[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\q1.health_l-q1.fam_m-cm.polit_l;;cmw=owl;sz=728x90;net=q1;ord1=721605;contx=fam;dc=w;btg=q1.hg_l;btg=q1.auto_l;btg=q1.sports_l;btg=q1.health_l;btg=q1.fam_m;btg=cm[1].js not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHM1MAR2aWQDMjYyMzQ3MTg-[1].gif not found!
File\Folder C:\Users\Lynne.david-PC\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DU2MODDN\tOGQyOS1hMzBkLTAwMDAzYzk3YWQ3NARwbHJfcwNhVDdRREhtZ0dubVdoU3BxRGp5bW5LBHJkA3ZpZGVvLnlhaG9vLmNvbS1vZmZzaXRlBHNlYwNwYgRzaWQDLTk4MDg1MgRzbGsDcHMxMAR2aWQDMjYyMzQ3MTg-[1].gif not found!

Registry entries deleted on Reboot...


ComboFix 12-05-15.04 - david 05/15/2012 23:24:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3966.2613 [GMT -4:00]
Running from: c:\users\david\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\images\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\hL01804MmFhH01804
c:\programdata\hL01804MmFhH01804\hL01804MmFhH01804
c:\programdata\hL01804MmFhH01804\hL01804MmFhH01804.exe
c:\users\dad.david-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\dad.david-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\dad.david-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\lynne.david-PC.000\AppData\Local\epu.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 04:03 . 2012-05-16 04:03 -------- d-----w- c:\users\qw\AppData\Local\temp
2012-05-16 04:03 . 2012-05-16 04:03 -------- d-----w- c:\users\Lynne.david-PC\AppData\Local\temp
2012-05-16 03:01 . 2012-05-16 03:01 -------- d-----w- C:\_OTL
2012-05-15 22:05 . 2012-05-15 22:41 -------- d-----w- c:\windows\system32\MpEngineStore
2012-05-15 21:07 . 2012-05-15 21:07 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-15 20:56 . 2012-05-16 01:24 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-15 20:55 . 2012-05-15 21:08 -------- d-----w- c:\programdata\PC Tools
2012-05-15 20:55 . 2012-05-15 20:55 -------- d-----w- c:\users\david\AppData\Roaming\TestApp
2012-05-15 19:58 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B86717-BD01-44BF-9CCC-A02AB8779169}\mpengine.dll
2012-05-15 19:57 . 2012-05-16 06:31 -------- d-----w- c:\program files (x86)\Microsoft Antimalware
2012-05-15 16:29 . 2012-05-15 23:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-15 16:29 . 2012-05-15 23:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-15 16:18 . 2012-05-15 16:18 -------- d-----w- c:\users\david\AppData\Roaming\Apple Computer
2012-05-11 21:00 . 2012-05-16 06:31 -------- d-----w- c:\users\face book
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 21:58 . 2012-04-13 21:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 06:43 . 2012-04-12 07:03 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-06 05:59 . 2012-04-12 07:03 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59 . 2012-04-12 07:03 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-01 06:54 . 2012-04-12 07:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 07:00 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 07:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
<pre>
c:\program files (x86)\Free Ride Games\GPlayer .exe
c:\program files (x86)\hp\HP Software Update\HPWuSchd2 .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files (x86)\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37 221184 ----a-w- c:\program files (x86)\Family Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files (x86)\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 uxrsiezz;uxrsiezz;c:\windows\system32\drivers\uxrsiezz.sys [x]
R1 wdzwtucb;wdzwtucb;c:\windows\system32\drivers\wdzwtucb.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2010-09-02 176408]
S2 X5XS64Ex;X5XS64Ex;c:\program files (x86)\Free Ride Games\X5XS64Ex.Sys [2009-08-19 51744]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 04:39]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 04:39]
.
2012-05-15 c:\windows\Tasks\HPCeeScheduleFordavid.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-05-15 c:\windows\Tasks\HPCeeScheduleForlynne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-05-12 c:\windows\Tasks\Norton Security Scan for LYNNE.job
- c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-04-22 10:23]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1380584]
"combofix"="c:\combofix\CF31674.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files (x86)\Family Toolbar\mhxpcomi.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-05-16 00:11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 04:11
.
Pre-Run: 87,602,950,144 bytes free
Post-Run: 87,071,666,176 bytes free
.
- - End Of File - - C4EC874C4D1C12D6204F6A13E3D92865


00:16:12.0407 3032 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
00:16:14.0419 3032 ============================================================
00:16:14.0419 3032 Current date / time: 2012/05/16 00:16:14.0419
00:16:14.0419 3032 SystemInfo:
00:16:14.0419 3032
00:16:14.0419 3032 OS Version: 6.1.7600 ServicePack: 0.0
00:16:14.0419 3032 Product type: Workstation
00:16:14.0419 3032 ComputerName: DAVID-PC
00:16:14.0419 3032 UserName: david
00:16:14.0419 3032 Windows directory: C:\Windows
00:16:14.0419 3032 System windows directory: C:\Windows
00:16:14.0419 3032 Running under WOW64
00:16:14.0419 3032 Processor architecture: Intel x64
00:16:14.0419 3032 Number of processors: 2
00:16:14.0419 3032 Page size: 0x1000
00:16:14.0419 3032 Boot type: Normal boot
00:16:14.0419 3032 ============================================================
00:16:15.0480 3032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
00:16:15.0496 3032 ============================================================
00:16:15.0496 3032 \Device\Harddisk0\DR0:
00:16:15.0496 3032 MBR partitions:
00:16:15.0496 3032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:16:15.0496 3032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B71800
00:16:15.0496 3032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38BA4000, BlocksNum 0x17E1800
00:16:15.0496 3032 ============================================================
00:16:15.0511 3032 C: <-> \Device\Harddisk0\DR0\Partition1
00:16:15.0558 3032 D: <-> \Device\Harddisk0\DR0\Partition2
00:16:15.0558 3032 ============================================================
00:16:15.0558 3032 Initialize success
00:16:15.0558 3032 ============================================================
00:16:57.0023 3824 ============================================================
00:16:57.0023 3824 Scan started
00:16:57.0023 3824 Mode: Manual; SigCheck; TDLFS;
00:16:57.0023 3824 ============================================================
00:16:57.0694 3824 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
00:16:57.0850 3824 1394ohci - ok
00:16:57.0881 3824 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
00:16:57.0912 3824 ACPI - ok
00:16:57.0928 3824 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
00:16:58.0037 3824 AcpiPmi - ok
00:16:58.0068 3824 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:16:58.0115 3824 adp94xx - ok
00:16:58.0146 3824 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:16:58.0177 3824 adpahci - ok
00:16:58.0193 3824 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:16:58.0224 3824 adpu320 - ok
00:16:58.0255 3824 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:16:58.0333 3824 AeLookupSvc - ok
00:16:58.0396 3824 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
00:16:58.0521 3824 AFD - ok
00:16:58.0567 3824 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
00:16:58.0645 3824 AgereModemAudio - ok
00:16:58.0708 3824 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
00:16:58.0801 3824 AgereSoftModem - ok
00:16:58.0848 3824 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
00:16:58.0895 3824 agp440 - ok
00:16:58.0895 3824 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:16:58.0926 3824 ALG - ok
00:16:58.0957 3824 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
00:16:58.0989 3824 aliide - ok
00:16:59.0004 3824 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
00:16:59.0035 3824 amdide - ok
00:16:59.0051 3824 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:16:59.0113 3824 AmdK8 - ok
00:16:59.0145 3824 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:16:59.0191 3824 AmdPPM - ok
00:16:59.0238 3824 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
00:16:59.0285 3824 amdsata - ok
00:16:59.0332 3824 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:16:59.0394 3824 amdsbs - ok
00:16:59.0394 3824 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
00:16:59.0410 3824 amdxata - ok
00:16:59.0457 3824 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
00:16:59.0550 3824 AppID - ok
00:16:59.0566 3824 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:16:59.0628 3824 AppIDSvc - ok
00:16:59.0659 3824 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
00:16:59.0753 3824 Appinfo - ok
00:16:59.0784 3824 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:16:59.0815 3824 arc - ok
00:16:59.0831 3824 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:16:59.0862 3824 arcsas - ok
00:16:59.0878 3824 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:16:59.0925 3824 AsyncMac - ok
00:16:59.0971 3824 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
00:17:00.0003 3824 atapi - ok
00:17:00.0065 3824 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:17:00.0143 3824 AudioEndpointBuilder - ok
00:17:00.0143 3824 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
00:17:00.0205 3824 AudioSrv - ok
00:17:00.0237 3824 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
00:17:00.0283 3824 AxInstSV - ok
00:17:00.0361 3824 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:17:00.0439 3824 b06bdrv - ok
00:17:00.0502 3824 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:17:00.0533 3824 b57nd60a - ok
00:17:00.0549 3824 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:17:00.0580 3824 BDESVC - ok
00:17:00.0611 3824 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:17:00.0673 3824 Beep - ok
00:17:00.0767 3824 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
00:17:00.0829 3824 BFE - ok
00:17:00.0876 3824 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
00:17:00.0939 3824 BITS - ok
00:17:00.0985 3824 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:17:01.0063 3824 blbdrive - ok
00:17:01.0110 3824 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
00:17:01.0219 3824 bowser - ok
00:17:01.0235 3824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:17:01.0282 3824 BrFiltLo - ok
00:17:01.0297 3824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:17:01.0329 3824 BrFiltUp - ok
00:17:01.0360 3824 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:17:01.0407 3824 BridgeMP - ok
00:17:01.0422 3824 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
00:17:01.0469 3824 Browser - ok
00:17:01.0500 3824 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:17:01.0563 3824 Brserid - ok
00:17:01.0578 3824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:17:01.0641 3824 BrSerWdm - ok
00:17:01.0656 3824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:17:01.0687 3824 BrUsbMdm - ok
00:17:01.0703 3824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:17:01.0750 3824 BrUsbSer - ok
00:17:01.0781 3824 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:17:01.0828 3824 BTHMODEM - ok
00:17:01.0859 3824 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:17:01.0906 3824 bthserv - ok
00:17:01.0937 3824 catchme - ok
00:17:01.0953 3824 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:17:02.0046 3824 cdfs - ok
00:17:02.0093 3824 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
00:17:02.0124 3824 cdrom - ok
00:17:02.0140 3824 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:17:02.0202 3824 CertPropSvc - ok
00:17:02.0233 3824 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:17:02.0296 3824 circlass - ok
00:17:02.0327 3824 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:17:02.0358 3824 CLFS - ok
00:17:02.0421 3824 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:17:02.0483 3824 clr_optimization_v2.0.50727_32 - ok
00:17:02.0514 3824 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:17:02.0561 3824 clr_optimization_v2.0.50727_64 - ok
00:17:02.0623 3824 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:17:02.0686 3824 clr_optimization_v4.0.30319_32 - ok
00:17:02.0733 3824 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:17:02.0795 3824 clr_optimization_v4.0.30319_64 - ok
00:17:02.0826 3824 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:17:02.0873 3824 CmBatt - ok
00:17:02.0904 3824 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
00:17:02.0920 3824 cmdide - ok
00:17:02.0967 3824 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
00:17:03.0013 3824 CNG - ok
00:17:03.0045 3824 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:17:03.0076 3824 Compbatt - ok
00:17:03.0107 3824 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:17:03.0185 3824 CompositeBus - ok
00:17:03.0201 3824 COMSysApp - ok
00:17:03.0216 3824 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:17:03.0247 3824 crcdisk - ok
00:17:03.0279 3824 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
00:17:03.0341 3824 CryptSvc - ok
00:17:03.0372 3824 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:17:03.0435 3824 DcomLaunch - ok
00:17:03.0450 3824 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:17:03.0559 3824 defragsvc - ok
00:17:03.0591 3824 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
00:17:03.0684 3824 DfsC - ok
00:17:03.0715 3824 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
00:17:03.0778 3824 Dhcp - ok
00:17:03.0793 3824 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:17:03.0856 3824 discache - ok
00:17:03.0934 3824 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:17:03.0981 3824 Disk - ok
00:17:04.0074 3824 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
00:17:04.0137 3824 Dnscache - ok
00:17:04.0168 3824 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
00:17:04.0246 3824 dot3svc - ok
00:17:04.0277 3824 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
00:17:04.0386 3824 DPS - ok
00:17:04.0417 3824 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:17:04.0449 3824 drmkaud - ok
00:17:04.0527 3824 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
00:17:04.0558 3824 DXGKrnl - ok
00:17:04.0573 3824 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:17:04.0620 3824 EapHost - ok
00:17:04.0776 3824 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:17:04.0870 3824 ebdrv - ok
00:17:04.0979 3824 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
00:17:05.0026 3824 EFS - ok
00:17:05.0119 3824 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
00:17:05.0213 3824 ehRecvr - ok
00:17:05.0244 3824 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:17:05.0275 3824 ehSched - ok
00:17:05.0338 3824 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:17:05.0400 3824 elxstor - ok
00:17:05.0431 3824 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
00:17:05.0478 3824 ErrDev - ok
00:17:05.0525 3824 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:17:05.0572 3824 EventSystem - ok
00:17:05.0603 3824 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:17:05.0650 3824 exfat - ok
00:17:05.0681 3824 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:17:05.0743 3824 fastfat - ok
00:17:05.0790 3824 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
00:17:05.0868 3824 Fax - ok
00:17:05.0884 3824 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:17:05.0946 3824 fdc - ok
00:17:05.0977 3824 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:17:06.0024 3824 fdPHost - ok
00:17:06.0040 3824 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:17:06.0102 3824 FDResPub - ok
00:17:06.0133 3824 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:17:06.0149 3824 FileInfo - ok
00:17:06.0165 3824 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:17:06.0243 3824 Filetrace - ok
00:17:06.0274 3824 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:17:06.0321 3824 flpydisk - ok
00:17:06.0352 3824 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
00:17:06.0383 3824 FltMgr - ok
00:17:06.0461 3824 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
00:17:06.0523 3824 FontCache - ok
00:17:06.0570 3824 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:17:06.0617 3824 FontCache3.0.0.0 - ok
00:17:06.0648 3824 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:17:06.0679 3824 FsDepends - ok
00:17:06.0726 3824 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
00:17:06.0757 3824 fssfltr - ok
00:17:06.0929 3824 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:17:07.0007 3824 fsssvc - ok
00:17:07.0085 3824 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
00:17:07.0147 3824 Fs_Rec - ok
00:17:07.0210 3824 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:17:07.0272 3824 fvevol - ok
00:17:07.0319 3824 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:17:07.0366 3824 gagp30kx - ok
00:17:07.0428 3824 GameConsoleService (73a2ec1a8dd15f85f92f8ac303a7e39b) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
00:17:07.0491 3824 GameConsoleService - ok
00:17:07.0537 3824 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
00:17:07.0600 3824 gpsvc - ok
00:17:07.0693 3824 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:17:07.0756 3824 gupdate - ok
00:17:07.0787 3824 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:17:07.0834 3824 gupdatem - ok
00:17:07.0896 3824 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:17:07.0959 3824 gusvc - ok
00:17:07.0974 3824 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:17:08.0021 3824 hcw85cir - ok
00:17:08.0052 3824 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:17:08.0083 3824 HDAudBus - ok
00:17:08.0099 3824 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:17:08.0146 3824 HidBatt - ok
00:17:08.0177 3824 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:17:08.0224 3824 HidBth - ok
00:17:08.0255 3824 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:17:08.0302 3824 HidIr - ok
00:17:08.0333 3824 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:17:08.0395 3824 hidserv - ok
00:17:08.0442 3824 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
00:17:08.0473 3824 HidUsb - ok
00:17:08.0473 3824 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
00:17:08.0551 3824 hkmsvc - ok
00:17:08.0583 3824 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
00:17:08.0614 3824 HomeGroupListener - ok
00:17:08.0645 3824 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
00:17:08.0676 3824 HomeGroupProvider - ok
00:17:08.0754 3824 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:17:08.0801 3824 HP Support Assistant Service - ok
00:17:08.0863 3824 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:17:08.0910 3824 HPDrvMntSvc.exe - ok
00:17:08.0988 3824 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:17:09.0066 3824 hpqwmiex - ok
00:17:09.0144 3824 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:17:09.0207 3824 HpSAMD - ok
00:17:09.0269 3824 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
00:17:09.0331 3824 HTTP - ok
00:17:09.0347 3824 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
00:17:09.0378 3824 hwpolicy - ok
00:17:09.0425 3824 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:17:09.0456 3824 i8042prt - ok
00:17:09.0503 3824 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
00:17:09.0550 3824 iaStorV - ok
00:17:09.0659 3824 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:17:09.0737 3824 idsvc - ok
00:17:09.0753 3824 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:17:09.0784 3824 iirsp - ok
00:17:09.0862 3824 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
00:17:09.0987 3824 IKEEXT - ok
00:17:10.0096 3824 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
00:17:10.0189 3824 IntcAzAudAddService - ok
00:17:10.0314 3824 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
00:17:10.0377 3824 intelide - ok
00:17:10.0408 3824 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:17:10.0439 3824 intelppm - ok
00:17:10.0470 3824 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:17:10.0517 3824 IPBusEnum - ok
00:17:10.0548 3824 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:17:10.0595 3824 IpFilterDriver - ok
00:17:10.0657 3824 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
00:17:10.0735 3824 iphlpsvc - ok
00:17:10.0751 3824 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:17:10.0798 3824 IPMIDRV - ok
00:17:10.0845 3824 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:17:10.0907 3824 IPNAT - ok
00:17:10.0954 3824 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:17:10.0985 3824 IRENUM - ok
00:17:11.0001 3824 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
00:17:11.0016 3824 isapnp - ok
00:17:11.0032 3824 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
00:17:11.0079 3824 iScsiPrt - ok
00:17:11.0172 3824 iWinTrusted (0e99e8a722fd6c5552fb60eea0008565) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
00:17:11.0235 3824 iWinTrusted - ok
00:17:11.0281 3824 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:17:11.0328 3824 kbdclass - ok
00:17:11.0359 3824 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
00:17:11.0391 3824 kbdhid - ok
00:17:11.0406 3824 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:17:11.0437 3824 KeyIso - ok
00:17:11.0453 3824 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
00:17:11.0484 3824 KSecDD - ok
00:17:11.0500 3824 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
00:17:11.0531 3824 KSecPkg - ok
00:17:11.0547 3824 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:17:11.0609 3824 ksthunk - ok
00:17:11.0671 3824 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:17:11.0734 3824 KtmRm - ok
00:17:11.0796 3824 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
00:17:11.0874 3824 LanmanServer - ok
00:17:11.0921 3824 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
00:17:11.0999 3824 LanmanWorkstation - ok
00:17:12.0077 3824 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:17:12.0139 3824 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:17:12.0139 3824 LightScribeService - detected UnsignedFile.Multi.Generic (1)
00:17:12.0171 3824 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:17:12.0217 3824 lltdio - ok
00:17:12.0264 3824 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:17:12.0342 3824 lltdsvc - ok
00:17:12.0358 3824 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:17:12.0405 3824 lmhosts - ok
00:17:12.0451 3824 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:17:12.0483 3824 LSI_FC - ok
00:17:12.0498 3824 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:17:12.0529 3824 LSI_SAS - ok
00:17:12.0561 3824 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:17:12.0592 3824 LSI_SAS2 - ok
00:17:12.0607 3824 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:17:12.0639 3824 LSI_SCSI - ok
00:17:12.0654 3824 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:17:12.0717 3824 luafv - ok
00:17:12.0810 3824 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
00:17:12.0857 3824 McComponentHostService - ok
00:17:12.0888 3824 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
00:17:12.0888 3824 Mcx2Svc - ok
00:17:12.0919 3824 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:17:12.0935 3824 megasas - ok
00:17:12.0966 3824 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:17:12.0982 3824 MegaSR - ok
00:17:12.0982 3824 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:17:13.0013 3824 MMCSS - ok
00:17:13.0029 3824 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:17:13.0060 3824 Modem - ok
00:17:13.0091 3824 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:17:13.0122 3824 monitor - ok
00:17:13.0153 3824 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:17:13.0169 3824 mouclass - ok
00:17:13.0185 3824 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:17:13.0216 3824 mouhid - ok
00:17:13.0231 3824 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
00:17:13.0247 3824 mountmgr - ok
00:17:13.0309 3824 MpFilter (174a9f1f01f7a21ac5e5813d3fddc0ce) C:\Windows\system32\DRIVERS\MpFilter.sys
00:17:13.0341 3824 MpFilter - ok
00:17:13.0356 3824 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
00:17:13.0372 3824 mpio - ok
00:17:13.0387 3824 MpNWMon (ba073a6810ba8f53ebc4ac2e4eec61e1) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:17:13.0403 3824 MpNWMon - ok
00:17:13.0434 3824 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:17:13.0465 3824 mpsdrv - ok
00:17:13.0559 3824 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
00:17:13.0653 3824 MpsSvc - ok
00:17:13.0668 3824 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
00:17:13.0699 3824 MRxDAV - ok
00:17:13.0731 3824 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:17:13.0793 3824 mrxsmb - ok
00:17:13.0840 3824 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:17:13.0855 3824 mrxsmb10 - ok
00:17:13.0887 3824 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:17:13.0902 3824 mrxsmb20 - ok
00:17:13.0918 3824 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
00:17:13.0933 3824 msahci - ok
00:17:13.0949 3824 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
00:17:13.0965 3824 msdsm - ok
00:17:13.0980 3824 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:17:14.0011 3824 MSDTC - ok
00:17:14.0043 3824 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:17:14.0105 3824 Msfs - ok
00:17:14.0121 3824 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:17:14.0152 3824 mshidkmdf - ok
00:17:14.0167 3824 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
00:17:14.0167 3824 msisadrv - ok
00:17:14.0199 3824 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:17:14.0261 3824 MSiSCSI - ok
00:17:14.0261 3824 msiserver - ok
00:17:14.0292 3824 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:17:14.0323 3824 MSKSSRV - ok
00:17:14.0401 3824 MsMpSvc (69da1c00ed5561f7f8028720c367c91e) c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
00:17:14.0433 3824 MsMpSvc - ok
00:17:14.0448 3824 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:17:14.0479 3824 MSPCLOCK - ok
00:17:14.0495 3824 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:17:14.0526 3824 MSPQM - ok
00:17:14.0589 3824 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
00:17:14.0620 3824 MsRPC - ok
00:17:14.0635 3824 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:17:14.0635 3824 mssmbios - ok
00:17:14.0651 3824 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:17:14.0698 3824 MSTEE - ok
00:17:14.0729 3824 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:17:14.0745 3824 MTConfig - ok
00:17:14.0760 3824 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:17:14.0776 3824 Mup - ok
00:17:14.0807 3824 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
00:17:14.0869 3824 napagent - ok
00:17:14.0916 3824 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:17:14.0947 3824 NativeWifiP - ok
00:17:14.0994 3824 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
00:17:15.0025 3824 NDIS - ok
00:17:15.0041 3824 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:17:15.0072 3824 NdisCap - ok
00:17:15.0103 3824 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:17:15.0135 3824 NdisTapi - ok
00:17:15.0150 3824 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
00:17:15.0181 3824 Ndisuio - ok
00:17:15.0197 3824 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:17:15.0228 3824 NdisWan - ok
00:17:15.0244 3824 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
00:17:15.0306 3824 NDProxy - ok
00:17:15.0306 3824 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:17:15.0337 3824 NetBIOS - ok
00:17:15.0369 3824 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:17:15.0415 3824 NetBT - ok
00:17:15.0447 3824 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:17:15.0462 3824 Netlogon - ok
00:17:15.0509 3824 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:17:15.0571 3824 Netman - ok
00:17:15.0603 3824 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:17:15.0665 3824 netprofm - ok
00:17:15.0727 3824 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:17:15.0759 3824 NetTcpPortSharing - ok
00:17:15.0790 3824 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:17:15.0805 3824 nfrd960 - ok
00:17:15.0837 3824 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
00:17:15.0899 3824 NlaSvc - ok
00:17:15.0946 3824 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:17:15.0977 3824 Npfs - ok
00:17:15.0977 3824 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:17:16.0008 3824 nsi - ok
00:17:16.0024 3824 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:17:16.0055 3824 nsiproxy - ok
00:17:16.0164 3824 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
00:17:16.0195 3824 Ntfs - ok
00:17:16.0273 3824 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:17:16.0336 3824 Null - ok
00:17:16.0944 3824 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:17:17.0100 3824 nvlddmkm - ok
00:17:17.0256 3824 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
00:17:17.0303 3824 NVNET - ok
00:17:17.0319 3824 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
00:17:17.0334 3824 nvraid - ok
00:17:17.0365 3824 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
00:17:17.0381 3824 nvstor - ok
00:17:17.0412 3824 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
00:17:17.0428 3824 nvstor64 - ok
00:17:17.0490 3824 nvsvc (b5b5da18380f625c34b88b93d09d7d40) C:\Windows\system32\nvvsvc.exe
00:17:17.0521 3824 nvsvc - ok
00:17:17.0537 3824 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:17:17.0553 3824 nv_agp - ok
00:17:17.0662 3824 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:17:17.0693 3824 odserv - ok
00:17:17.0724 3824 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:17:17.0771 3824 ohci1394 - ok
00:17:17.0818 3824 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:17:17.0849 3824 ose - ok
00:17:17.0880 3824 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:17:17.0911 3824 p2pimsvc - ok
00:17:17.0958 3824 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:17:18.0005 3824 p2psvc - ok
00:17:18.0036 3824 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:17:18.0052 3824 Parport - ok
00:17:18.0083 3824 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
00:17:18.0099 3824 partmgr - ok
00:17:18.0130 3824 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:17:18.0177 3824 PcaSvc - ok
00:17:18.0192 3824 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:17:18.0208 3824 pci - ok
00:17:18.0223 3824 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:17:18.0239 3824 pciide - ok
00:17:18.0255 3824 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:17:18.0270 3824 pcmcia - ok
00:17:18.0286 3824 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:17:18.0301 3824 pcw - ok
00:17:18.0317 3824 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:17:18.0379 3824 PEAUTH - ok
00:17:18.0442 3824 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:17:18.0473 3824 PerfHost - ok
00:17:18.0535 3824 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
00:17:18.0598 3824 pla - ok
00:17:18.0645 3824 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
00:17:18.0691 3824 PlugPlay - ok
00:17:18.0707 3824 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:17:18.0723 3824 PNRPAutoReg - ok
00:17:18.0754 3824 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:17:18.0754 3824 PNRPsvc - ok
00:17:18.0801 3824 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
00:17:18.0847 3824 PolicyAgent - ok
00:17:18.0879 3824 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:17:18.0925 3824 Power - ok
00:17:18.0988 3824 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:17:19.0081 3824 PptpMiniport - ok
00:17:19.0113 3824 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:17:19.0144 3824 Processor - ok
00:17:19.0159 3824 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
00:17:19.0222 3824 ProfSvc - ok
00:17:19.0253 3824 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:17:19.0253 3824 ProtectedStorage - ok
00:17:19.0284 3824 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:17:19.0315 3824 Psched - ok
00:17:19.0409 3824 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:17:19.0471 3824 ql2300 - ok
00:17:19.0565 3824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:17:19.0612 3824 ql40xx - ok
00:17:19.0627 3824 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:17:19.0659 3824 QWAVE - ok
00:17:19.0674 3824 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:17:19.0737 3824 QWAVEdrv - ok
00:17:19.0752 3824 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:17:19.0799 3824 RasAcd - ok
00:17:19.0846 3824 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:17:19.0877 3824 RasAgileVpn - ok
00:17:19.0893 3824 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:17:19.0939 3824 RasAuto - ok
00:17:19.0971 3824 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:17:20.0033 3824 Rasl2tp - ok
00:17:20.0064 3824 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
00:17:20.0142 3824 RasMan - ok
00:17:20.0158 3824 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:17:20.0205 3824 RasPppoe - ok
00:17:20.0236 3824 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:17:20.0283 3824 RasSstp - ok
00:17:20.0314 3824 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:17:20.0376 3824 rdbss - ok
00:17:20.0407 3824 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:17:20.0454 3824 rdpbus - ok
00:17:20.0485 3824 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:17:20.0532 3824 RDPCDD - ok
00:17:20.0563 3824 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:17:20.0610 3824 RDPENCDD - ok
00:17:20.0610 3824 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:17:20.0657 3824 RDPREFMP - ok
00:17:20.0688 3824 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
00:17:20.0719 3824 RDPWD - ok
00:17:20.0751 3824 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:17:20.0782 3824 rdyboost - ok
00:17:20.0813 3824 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:17:20.0860 3824 RemoteAccess - ok
00:17:20.0907 3824 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:17:20.0953 3824 RemoteRegistry - ok
00:17:20.0969 3824 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:17:21.0031 3824 RpcEptMapper - ok
00:17:21.0063 3824 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:17:21.0094 3824 RpcLocator - ok
00:17:21.0125 3824 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
00:17:21.0172 3824 RpcSs - ok
00:17:21.0187 3824 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:17:21.0250 3824 rspndr - ok
00:17:21.0281 3824 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:17:21.0312 3824 SamSs - ok
00:17:21.0343 3824 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:17:21.0375 3824 sbp2port - ok
00:17:21.0375 3824 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:17:21.0437 3824 SCardSvr - ok
00:17:21.0453 3824 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:17:21.0484 3824 scfilter - ok
00:17:21.0562 3824 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
00:17:21.0593 3824 Schedule - ok
00:17:21.0624 3824 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
00:17:21.0655 3824 SCPolicySvc - ok
00:17:21.0671 3824 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
00:17:21.0718 3824 SDRSVC - ok
00:17:21.0780 3824 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:17:21.0827 3824 SeaPort - ok
00:17:21.0858 3824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:17:21.0936 3824 secdrv - ok
00:17:21.0952 3824 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
00:17:22.0014 3824 seclogon - ok
00:17:22.0045 3824 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:17:22.0123 3824 SENS - ok
00:17:22.0123 3824 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:17:22.0170 3824 SensrSvc - ok
00:17:22.0217 3824 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:17:22.0248 3824 Serenum - ok
00:17:22.0264 3824 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:17:22.0295 3824 Serial - ok
00:17:22.0326 3824 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:17:22.0373 3824 sermouse - ok
00:17:22.0404 3824 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
00:17:22.0451 3824 SessionEnv - ok
00:17:22.0467 3824 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:17:22.0498 3824 sffdisk - ok
00:17:22.0513 3824 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:17:22.0545 3824 sffp_mmc - ok
00:17:22.0545 3824 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:17:22.0576 3824 sffp_sd - ok
00:17:22.0607 3824 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:17:22.0638 3824 sfloppy - ok
00:17:22.0685 3824 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:17:22.0732 3824 SharedAccess - ok
00:17:22.0763 3824 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
00:17:22.0794 3824 ShellHWDetection - ok
00:17:22.0841 3824 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:17:22.0857 3824 SiSRaid2 - ok
00:17:22.0872 3824 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:17:22.0903 3824 SiSRaid4 - ok
00:17:22.0950 3824 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:17:23.0013 3824 Smb - ok
00:17:23.0044 3824 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:17:23.0106 3824 SNMPTRAP - ok
00:17:23.0122 3824 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:17:23.0153 3824 spldr - ok
00:17:23.0200 3824 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
00:17:23.0231 3824 Spooler - ok
00:17:23.0371 3824 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
00:17:23.0481 3824 sppsvc - ok
00:17:23.0574 3824 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:17:23.0668 3824 sppuinotify - ok
00:17:23.0746 3824 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:17:23.0871 3824 srv - ok
00:17:23.0902 3824 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:17:23.0964 3824 srv2 - ok
00:17:23.0995 3824 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:17:24.0042 3824 srvnet - ok
00:17:24.0089 3824 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:17:24.0136 3824 SSDPSRV - ok
00:17:24.0151 3824 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:17:24.0214 3824 SstpSvc - ok
00:17:24.0261 3824 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:17:24.0307 3824 stexstor - ok
00:17:24.0354 3824 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
00:17:24.0401 3824 stisvc - ok
00:17:24.0417 3824 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:17:24.0448 3824 swenum - ok
00:17:24.0495 3824 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:17:24.0557 3824 swprv - ok
00:17:24.0635 3824 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
00:17:24.0729 3824 SysMain - ok
00:17:24.0931 3824 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
00:17:24.0994 3824 TabletInputService - ok
00:17:25.0041 3824 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
00:17:25.0103 3824 TapiSrv - ok
00:17:25.0103 3824 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:17:25.0165 3824 TBS - ok
00:17:25.0306 3824 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
00:17:25.0368 3824 Tcpip - ok
00:17:25.0524 3824 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
00:17:25.0587 3824 TCPIP6 - ok
00:17:25.0633 3824 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:17:25.0680 3824 tcpipreg - ok
00:17:25.0696 3824 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:17:25.0743 3824 TDPIPE - ok
00:17:25.0774 3824 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
00:17:25.0805 3824 TDTCP - ok
00:17:25.0821 3824 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:17:25.0867 3824 tdx - ok
00:17:25.0899 3824 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:17:25.0930 3824 TermDD - ok
00:17:25.0961 3824 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
00:17:26.0023 3824 TermService - ok
00:17:26.0023 3824 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:17:26.0070 3824 Themes - ok
00:17:26.0101 3824 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:17:26.0148 3824 THREADORDER - ok
00:17:26.0164 3824 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:17:26.0226 3824 TrkWks - ok
00:17:26.0289 3824 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
00:17:26.0367 3824 TrustedInstaller - ok
00:17:26.0398 3824 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:17:26.0445 3824 tssecsrv - ok
00:17:26.0476 3824 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:17:26.0554 3824 tunnel - ok
00:17:26.0569 3824 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:17:26.0601 3824 uagp35 - ok
00:17:26.0632 3824 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
00:17:26.0694 3824 udfs - ok
00:17:26.0725 3824 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:17:26.0757 3824 UI0Detect - ok
00:17:26.0772 3824 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:17:26.0803 3824 uliagpkx - ok
00:17:26.0803 3824 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:17:26.0835 3824 umbus - ok
00:17:26.0850 3824 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:17:26.0913 3824 UmPass - ok
00:17:26.0944 3824 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:17:27.0022 3824 upnphost - ok
00:17:27.0053 3824 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
00:17:27.0100 3824 usbccgp - ok
00:17:27.0131 3824 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:17:27.0225 3824 usbcir - ok
00:17:27.0271 3824 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
00:17:27.0287 3824 usbehci - ok
00:17:27.0365 3824 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
00:17:27.0459 3824 usbhub - ok
00:17:27.0490 3824 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
00:17:27.0521 3824 usbohci - ok
00:17:27.0552 3824 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:17:27.0630 3824 usbprint - ok
00:17:27.0677 3824 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:17:27.0724 3824 usbscan - ok
00:17:27.0771 3824 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
00:17:27.0817 3824 USBSTOR - ok
00:17:27.0849 3824 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
00:17:27.0880 3824 usbuhci - ok
00:17:27.0911 3824 uxrsiezz - ok
00:17:27.0942 3824 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:17:28.0036 3824 UxSms - ok
00:17:28.0067 3824 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
00:17:28.0098 3824 VaultSvc - ok
00:17:28.0114 3824 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:17:28.0145 3824 vdrvroot - ok
00:17:28.0176 3824 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
00:17:28.0223 3824 vds - ok
00:17:28.0270 3824 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:17:28.0301 3824 vga - ok
00:17:28.0301 3824 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:17:28.0363 3824 VgaSave - ok
00:17:28.0395 3824 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:17:28.0426 3824 vhdmp - ok
00:17:28.0441 3824 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:17:28.0457 3824 viaide - ok
00:17:28.0488 3824 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:17:28.0504 3824 volmgr - ok
00:17:28.0535 3824 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:17:28.0566 3824 volmgrx - ok
00:17:28.0613 3824 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:17:28.0644 3824 volsnap - ok
00:17:28.0675 3824 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:17:28.0707 3824 vsmraid - ok
00:17:28.0785 3824 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
00:17:28.0863 3824 VSS - ok
00:17:28.0956 3824 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:17:29.0034 3824 vwifibus - ok
00:17:29.0081 3824 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:17:29.0159 3824 W32Time - ok
00:17:29.0190 3824 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:17:29.0237 3824 WacomPen - ok
00:17:29.0268 3824 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:29.0346 3824 WANARP - ok
00:17:29.0362 3824 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:29.0409 3824 Wanarpv6 - ok
00:17:29.0502 3824 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:17:29.0580 3824 WatAdminSvc - ok
00:17:29.0658 3824 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
00:17:29.0783 3824 wbengine - ok
00:17:29.0892 3824 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:17:29.0970 3824 WbioSrvc - ok
00:17:30.0001 3824 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
00:17:30.0048 3824 wcncsvc - ok
00:17:30.0064 3824 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:17:30.0095 3824 WcsPlugInService - ok
00:17:30.0111 3824 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:17:30.0142 3824 Wd - ok
00:17:30.0189 3824 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:17:30.0235 3824 Wdf01000 - ok
00:17:30.0251 3824 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:17:30.0282 3824 WdiServiceHost - ok
00:17:30.0298 3824 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:17:30.0313 3824 WdiSystemHost - ok
00:17:30.0345 3824 wdzwtucb - ok
00:17:30.0376 3824 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
00:17:30.0438 3824 WebClient - ok
00:17:30.0454 3824 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:17:30.0501 3824 Wecsvc - ok
00:17:30.0516 3824 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:17:30.0563 3824 wercplsupport - ok
00:17:30.0594 3824 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:17:30.0641 3824 WerSvc - ok
00:17:30.0657 3824 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:17:30.0703 3824 WfpLwf - ok
00:17:30.0719 3824 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:17:30.0750 3824 WIMMount - ok
00:17:30.0781 3824 WinDefend - ok
00:17:30.0797 3824 WinHttpAutoProxySvc - ok
00:17:30.0859 3824 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:17:30.0937 3824 Winmgmt - ok
00:17:31.0000 3824 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
00:17:31.0109 3824 WinRM - ok
00:17:31.0249 3824 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
00:17:31.0327 3824 WinUsb - ok
00:17:31.0390 3824 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:17:31.0452 3824 Wlansvc - ok
00:17:31.0671 3824 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:17:31.0764 3824 wlidsvc - ok
00:17:31.0827 3824 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:17:31.0889 3824 WmiAcpi - ok
00:17:31.0936 3824 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:17:31.0998 3824 wmiApSrv - ok
00:17:32.0045 3824 WMPNetworkSvc - ok
00:17:32.0061 3824 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:17:32.0123 3824 WPCSvc - ok
00:17:32.0139 3824 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
00:17:32.0185 3824 WPDBusEnum - ok
00:17:32.0201 3824 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:17:32.0279 3824 ws2ifsl - ok
00:17:32.0341 3824 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
00:17:32.0435 3824 wscsvc - ok
00:17:32.0451 3824 WSearch - ok
00:17:32.0560 3824 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
00:17:32.0685 3824 wuauserv - ok
00:17:32.0778 3824 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:17:32.0872 3824 WudfPf - ok
00:17:32.0919 3824 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:17:32.0965 3824 WUDFRd - ok
00:17:32.0981 3824 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
00:17:33.0059 3824 wudfsvc - ok
00:17:33.0090 3824 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:17:33.0168 3824 WwanSvc - ok
00:17:33.0262 3824 X5XS64Ex (4b238d439f252fbd9cc4711a13563c62) C:\Program Files (x86)\Free Ride Games\X5XS64Ex.Sys
00:17:33.0324 3824 X5XS64Ex - ok
00:17:33.0433 3824 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:17:33.0480 3824 YahooAUService - ok
00:17:33.0496 3824 MBR (0x1B8) (a5b154d4f8d7652cdc798e81446ea5d5) \Device\Harddisk0\DR0
00:17:33.0761 3824 \Device\Harddisk0\DR0 - ok
00:17:33.0761 3824 Boot (0x1200) (cab20d97a2d166f09a4f1784751f7808) \Device\Harddisk0\DR0\Partition0
00:17:33.0777 3824 \Device\Harddisk0\DR0\Partition0 - ok
00:17:33.0808 3824 Boot (0x1200) (fe20c010582a1c4ecae7cd0835bf6fb0) \Device\Harddisk0\DR0\Partition1
00:17:33.0808 3824 \Device\Harddisk0\DR0\Partition1 - ok
00:17:33.0839 3824 Boot (0x1200) (1ee363b586308bcd5baebea8a3188fd3) \Device\Harddisk0\DR0\Partition2
00:17:33.0855 3824 \Device\Harddisk0\DR0\Partition2 - ok
00:17:33.0855 3824 ============================================================
00:17:33.0855 3824 Scan finished
00:17:33.0855 3824 ============================================================
00:17:33.0901 1496 Detected object count: 1
00:17:33.0901 1496 Actual detected object count: 1
00:17:49.0704 1496 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:17:49.0704 1496 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\uxrsiezz.sys
c:\windows\system32\drivers\wdzwtucb.sys

Folder::

Registry::

Driver::
uxrsiezz
wdzwtucb


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Step 2.

Click Start >> Control Panel >> Under Programs click Uninstall a program

All of these programs facilitate adding malware to your machine some in the form of adware and trackers and the others as stronger malware.

Free Ride Games Player
RebateInformer
Ask Toolbar
Coupon Printer for Windows
Dogpile Bundle Toolbar
Free_Ride_Games Toolbar
Homepage Protection
iWin Toolbar
iWin Games (remove only)
Play Pickle
StartNow Toolbar
Zynga Toolbar




Step 3.

Uninstall these as well:

McAfee Security Scan Plus
Norton Security Scan


Then download and run these tools

Norton removal tool

McAfee removal tool


Step 4.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 5.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt
  • Post the log


Step 5.

Please post:

Combofix.txt
aswMBR log
OTL.txt



Give me a detailed update on the computer issues
  • 0

#5
rotccapt

rotccapt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here is the next set of logs

ComboFix 12-05-15.04 - david 05/16/2012 9:15.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3966.3063 [GMT -4:00]
Running from: c:\users\david\Downloads\ComboFix.exe
Command switches used :: c:\users\david\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}
SP: Microsoft Security Essentials *Disabled/Updated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\uxrsiezz.sys"
"c:\windows\system32\drivers\wdzwtucb.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\nvsvc32 .exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wdzwtucb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 13:25 . 2012-05-16 13:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B86717-BD01-44BF-9CCC-A02AB8779169}\offreg.dll
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\qw\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\lynne\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\Lynne.david-PC\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\lynne.david-PC.000\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\dad\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\dad.david-PC\AppData\Local\temp
2012-05-16 13:23 . 2012-05-16 13:23 -------- d-----w- c:\users\amanda\AppData\Local\temp
2012-05-16 05:19 . 2012-05-16 05:19 -------- d-----w- c:\users\lynne.david-PC.000\AppData\Local\visi_coupon
2012-05-16 05:19 . 2012-05-16 05:19 -------- d-----w- c:\users\lynne.david-PC.000\AppData\Roaming\Yahoo!
2012-05-16 03:01 . 2012-05-16 03:01 -------- d-----w- C:\_OTL
2012-05-15 22:05 . 2012-05-16 07:12 -------- d-----w- c:\windows\system32\MpEngineStore
2012-05-15 21:07 . 2012-05-15 21:07 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-15 20:56 . 2012-05-16 01:24 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-15 20:55 . 2012-05-15 21:08 -------- d-----w- c:\programdata\PC Tools
2012-05-15 20:55 . 2012-05-15 20:55 -------- d-----w- c:\users\david\AppData\Roaming\TestApp
2012-05-15 19:58 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49B86717-BD01-44BF-9CCC-A02AB8779169}\mpengine.dll
2012-05-15 19:57 . 2012-05-16 06:31 -------- d-----w- c:\program files (x86)\Microsoft Antimalware
2012-05-15 19:46 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-15 19:46 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-15 19:46 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-15 19:46 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-15 19:46 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-15 19:46 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-15 19:46 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-15 19:46 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-15 19:46 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-15 19:46 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-15 19:45 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-15 19:45 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 19:45 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-15 19:45 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-15 19:45 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-15 19:44 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-15 19:44 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-15 19:44 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 19:44 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-15 19:44 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-15 19:44 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-15 16:29 . 2012-05-15 23:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-15 16:29 . 2012-05-15 23:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-15 16:18 . 2012-05-15 16:18 -------- d-----w- c:\users\david\AppData\Roaming\Apple Computer
2012-05-11 21:00 . 2012-05-16 06:31 -------- d-----w- c:\users\face book
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 21:58 . 2012-04-13 21:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 06:54 . 2012-04-12 07:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 07:00 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 07:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
<pre>
c:\program files (x86)\Free Ride Games\GPlayer .exe
c:\program files (x86)\hp\HP Software Update\HPWuSchd2 .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot@2012-05-16_04.05.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 18:43 . 2012-05-16 13:26 46244 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-16 13:26 44284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-05-16 07:33 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-15 18:01 . 2011-12-15 18:01 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2011-11-22 03:57 . 2011-11-22 03:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-12 07:06 . 2012-04-12 07:06 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-16 07:08 . 2012-05-16 07:08 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-11 07:05 . 2012-05-16 07:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-06-11 07:05 . 2012-03-30 03:04 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-01-26 00:00 . 2012-04-12 07:04 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-26 00:00 . 2012-05-16 07:12 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-26 00:00 . 2012-05-16 07:12 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-26 00:00 . 2012-04-12 07:04 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-26 00:00 . 2012-04-12 07:04 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-26 00:00 . 2012-05-16 07:12 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-04-14 04:36 . 2012-03-30 03:08 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-04-14 04:36 . 2012-05-16 07:12 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-05 12:44 . 2012-02-16 08:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-05 12:44 . 2012-05-16 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\054fce9466c6cef615b2f7cc9ff4e7f8\System.Windows.Presentation.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\e144d0028365c62178eb0662911ac910\System.AddIn.Contract.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\93295f3771dc9e5be2d49d5f5d76a7a6\Microsoft.VisualC.ni.dll
+ 2012-05-16 07:11 . 2012-05-16 07:11 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5ea625ce2d6c08687f70cb81a003a28b\dfsvc.ni.exe
+ 2012-05-16 07:11 . 2012-05-16 07:11 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\061cbee19075e086d675a9e1f65725d7\Accessibility.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\f3a9c6e87bfa4bab3689ec1cdb56964f\System.Windows.Presentation.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\9b418f37f4594806e1f4b0ed6d083a95\System.Web.ApplicationServices.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\59be5fb54e018032511415f0b0523ee3\System.AddIn.Contract.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\cf409e6576e3acec611838a755293418\System.Windows.Presentation.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\99c48948cadbb09df96bfe36edf60511\System.Web.DynamicData.Design.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\ef1f41de2634a23063369e7eb1cac97b\stdole.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\ecc5750e8d62675bf59eb202eeeeacbe\PresentationFontCache.ni.exe
+ 2012-05-16 07:34 . 2012-05-16 07:34 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\cc29df25d166ceed89d259b00e2bba9e\PresentationCFFRasterizer.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\dd71ed714dc374e3d85824c17795e706\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b8dac004fdabbb2dc12830dcd22fed29\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\6b86a80d8cb8fb51252e0cd8fe697f9f\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\64c811070a4d05e238e27d2a6e9bed25\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4eaff8355f942bb1a95300aeb2882602\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\3453bb2216048726659887ecaf5cce4a\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\12abdc966e63bcb3077c71c6483762c3\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\e0e2b0cdfa700bc21e09ddac3a9b46cc\Microsoft.VisualC.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c341c5df5ab35bb87765f39688c1e7ec\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\62299472064bb88c63cdfa740cc34f1d\LoadMxf.ni.exe
+ 2012-05-16 07:40 . 2012-05-16 07:40 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\4ba55ae7274a85c8ae32a36aa8bcbfc5\ehiUPnP.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\f9bd420501d5877ff7dd7fe308663935\ehiTVMSMusic.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\c1ba413fc8eb57b417a2de4cf678e4f6\dfsvc.ni.exe
+ 2012-05-16 07:34 . 2012-05-16 07:34 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\0bc383bf9841cca7654fe938399b3a07\Accessibility.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\727ca1f963e5ccc727c30f2985f8069f\WindowsLiveWriter.ni.exe
+ 2012-05-16 07:45 . 2012-05-16 07:45 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dfe1496c2a27c01b1e24cd9bae3ccf8c\WindowsLive.Writer.Passport.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\68b5806af0df6ce86027bacb7dc37233\UIAutomationProvider.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b0b664ed5c18ac51259abb7902671370\System.Windows.Presentation.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4171538a927bfd6882f7d5a21619e2a1\System.Web.DynamicData.Design.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\bdf3aabfa0a15d557aec32505a5eaaee\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-16 07:37 . 2012-05-16 07:37 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\99bb6d93ce5daed24761530fa32ed5f4\System.AddIn.Contract.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\5357cca887f53e1007fc9cf4c0c9a412\stdole.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b0cdc419b6f2b0ddf0cda5f157e67516\PresentationFontCache.ni.exe
+ 2012-05-16 07:31 . 2012-05-16 07:31 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8ac4be1ad8f1aae0c23366c9ce0724e0\PresentationCFFRasterizer.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\1af767233028c3165de880775391c53f\napcrypt.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\b9935982ad038d7a02f7931a8ee2977b\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ea54c98d0fa82cdb0bf5ec9b50463d75\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ddf3add57c84af5d63b3a2398ed5e1a4\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\bd26bb6b78c6c02df886f26342b5e76a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6a491bf821cc13223f288eb72176ffc7\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6a1cb87d9cb795b53eab2c57e2d7db48\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\62e634be25913db13e84a26296cee020\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5c234eea7e7d54a466ad00d9ac238e6a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\dc44431123bc3e6b39dbea49ac1f1963\Microsoft.Vsa.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\b69ac98f94e80b659eac618c6142ea9b\Microsoft.VisualC.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6ddfa12f22ada63da088e98223858b69\Microsoft.Build.Framework.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2f7754efa196f832b12b4133f0eae060\Microsoft.Build.Framework.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\094c7076aed91bda969c01f72d4bb63a\ehiUserXp.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\737921759b25c001f0ecfe67e0ea2dcf\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\3c44431071abcaba099902fb72392688\dfsvc.ni.exe
+ 2012-05-16 07:31 . 2012-05-16 07:31 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
+ 2010-01-11 00:54 . 2012-05-16 13:26 7198 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1933807018-2255335940-2543778444-1000_UserData.bin
- 2012-05-16 04:04 . 2012-05-16 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-16 13:24 . 2012-05-16 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-16 04:04 . 2012-05-16 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-16 13:24 . 2012-05-16 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-16 07:21 . 2012-05-16 07:21 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe
+ 2010-01-11 00:02 . 2012-05-16 13:06 274402 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-05-16 07:08 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-16 03:21 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-16 03:21 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-16 07:08 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2012-03-15 07:19 436624 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-05-16 07:30 436624 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2012-05-16 13:24 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-16 04:03 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-15 18:01 . 2011-12-15 18:01 226600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 156440 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll
- 2011-11-22 03:57 . 2011-11-22 03:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2012-05-15 19:45 . 2012-04-06 00:45 172128 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll
+ 2012-05-15 19:45 . 2012-01-04 02:48 486144 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 182056 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 156440 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 386824 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2012-05-15 19:45 . 2012-04-06 00:49 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-05-15 19:45 . 2012-01-04 02:51 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2012-05-12 17:06 . 2012-01-04 02:51 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2012-05-15 19:45 . 2012-01-04 02:51 996112 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-16 07:08 . 2012-05-16 07:08 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-16 07:08 . 2012-05-16 07:08 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2010-01-26 00:00 . 2012-04-12 07:04 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-26 00:00 . 2012-05-16 07:12 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-26 00:00 . 2012-04-12 07:04 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-01-26 00:00 . 2012-05-16 07:12 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-26 00:00 . 2012-04-12 07:04 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-26 00:00 . 2012-05-16 07:12 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-26 00:00 . 2012-05-16 07:12 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-26 00:00 . 2012-04-12 07:04 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 181096 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_X86.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 225640 c:\windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_AMD64.dll
+ 2011-09-16 00:41 . 2011-09-16 00:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2012-05-16 07:18 . 2012-05-16 07:18 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\65f25960625d91ca79a40f9067adc021\WindowsFormsIntegration.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\fb43d84bc59b21e8a7f3e36d616eea90\UIAutomationTypes.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\26f12a0a3baed2a227cf30aaeae03913\UIAutomationProvider.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\1c3c298326e9ac14796516ac1da09a16\UIAutomationClient.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\307eea660f877dc40ae90882ce554757\System.Xml.Linq.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\b4afa252d0f0e27b0b5e8fcb2cc5b3a7\System.Windows.Input.Manipulations.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\8c0ee7b970cc4e8c2986c7898af71661\System.Transactions.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\85810fe277a718273eb946a460ae8010\System.ServiceProcess.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\eb4fb369926faaffede7aaf317fd6532\System.ServiceModel.Channels.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e5ab3c37897bb578bdbfe6b7e0558ad8\System.ServiceModel.Routing.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\e48b6a8c491a96d1bc601795532af605\System.Security.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\7590828d50338d512b11a4d3f87d69a2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\21d5b44ef01ccfa69e79674a51707de0\System.Runtime.Remoting.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\5f2bfb0585061dc256ee9587d430959f\System.Numerics.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\6996a415485a84fef2d2556b0462336f\System.Net.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\a3849a373beeb3509d8c22d5751dfad3\System.Messaging.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\92d266f677605e5475b7f39c063c4a9d\System.Management.Instrumentation.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\07a0e1efc063042be3e8faf62b413a12\System.IO.Log.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\7fd39b9a208214e6e5eba4e9396409f1\System.IdentityModel.Selectors.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\521f5bccf74318a4777597b0c01fda1e\System.Dynamic.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6a8bd7d373c988a585e90bb61c5ec8cc\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-16 07:16 . 2012-05-16 07:16 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\78dd02d104bb15bc3820c06bd2876239\System.Device.ni.dll
+ 2012-05-16 07:16 . 2012-05-16 07:16 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\97d1aaf3733b107ecdbecb9d21050ff4\System.Data.DataSetExtensions.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\c3d7a7ff58ff502887d8f1b77e61adbc\System.Configuration.Install.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\a4f91f2dfd1656ef2e42917963f6bf50\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 871936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\b1c67ee2e0e6e78c31985069fbc82596\System.AddIn.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\c69fb0f955adc7ca80cd5f2fd730edea\System.Activities.DurableInstancing.ni.dll
+ 2012-05-16 07:11 . 2012-05-16 07:11 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\11fc863fa4f5092fca4f2ce25a9ac361\SMSvcHost.ni.exe
+ 2012-05-16 07:14 . 2012-05-16 07:14 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\50e8e826488639e549589ba34666933e\SMDiagnostics.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\722c0236432dd5ccc047481d3ebbd49e\PresentationFramework.Royale.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\6739c3715c9e38dbdfbfd57b424a3094\PresentationFramework.Aero.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3e7359f5f0fb68565314f88f6ec2d67a\PresentationFramework.Luna.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\263748f3d18955b9e467710da1e8546f\PresentationFramework.Classic.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6493bbb60833072904ad141a5a4d08ac\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\6480551111832c83ee88bcf756a72533\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-16 07:11 . 2012-05-16 07:11 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\0e81a3996f7cbff23fc01bea4185a918\CustomMarshalers.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ede3b9144bc31da0eaaf86c7b6a9eaaa\WindowsFormsIntegration.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\7a9f70fa774076a7ec19bc03e7064d0d\UIAutomationClient.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\c477bbff1e4662263255a1bf17bd9c2a\System.Windows.Input.Manipulations.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\35da2da22db8fde344d9e17b20a91816\System.ServiceProcess.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd25ddcfa0417d40e3f1385e30abcd6f\System.Net.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\87f2fdf92547c337644f4db30caa63e3\System.Messaging.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\08397796343d5730a29f42e61c7f6ee7\System.Management.Instrumentation.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\ff1250d2409bd16283c423650d6fd3f6\System.IO.Log.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\e60675d3ba7fa94924489dc8466ebff5\System.IdentityModel.Selectors.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a9b1e597aaa263dea2cf8754440bd271\System.Dynamic.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e41e86da56bb60523251e0e08210a77b\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94d45f7f28d81304d7fa83bcea849141\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4c50d8a951546d6dffdc8bcb23f47a7b\System.Device.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\7803f4398a527a87d5cace8023e93e8b\System.Data.DataSetExtensions.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\977c7c2badf6a9059ba8371a0f645fc8\System.Configuration.Install.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\877ef74350e6d374ca8f80b489a8cc8e\System.ComponentModel.Composition.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4330e93f9d0ef85f1a972e11c2ac5156\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\0c67d9fc14856eb7d8b4e405aef79960\System.AddIn.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b046f2d5f056b906d7b25b75ca23575\System.Activities.DurableInstancing.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\4847f66153121ec4ed532909f7c152be\SMSvcHost.ni.exe
+ 2012-05-16 07:19 . 2012-05-16 07:19 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ef6e3eb351fe12a5766be7c956c35d95\PresentationFramework.Classic.ni.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e49a124fdad0f1db135f03a49f18fb48\PresentationFramework.Royale.ni.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\141f0a8fbfb83604fa3dd43dbe8fa0f4\PresentationFramework.Luna.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a604989c1d4b14505e020b7d015cacbd\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\01c5ff7a1ea0463414736df5d449e0a9\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 208384 c:\windows\assembly\NativeImages_v2.0.50727_64\XPBurnComponent\0567f133d666a20118567fae9e638e85\XPBurnComponent.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\3fbaee209e13d65183d2d802cf053f10\WsatConfig.ni.exe
+ 2012-05-16 07:44 . 2012-05-16 07:44 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\886c50212ca6df7af595db7a064dcf5f\WindowsFormsIntegration.ni.dll
+ 2012-05-16 07:34 . 2012-05-16 07:34 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\f0e602dd94327e6eea126e72cb24c4a3\UIAutomationTypes.ni.dll
+ 2012-05-16 07:34 . 2012-05-16 07:34 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\ef1cc397129c81ecb60431633b7d6f94\UIAutomationProvider.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\2adb36011c54ef24dff70bef5e31a71a\UIAutomationClient.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\c7f75a753decf48756decba7a49bb76c\TaskScheduler.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\b0bc5a1ed5648bbe61d4ceb1b4bde03d\System.Xml.Linq.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\589c5c722cae4122c8643c9b028d3212\System.Web.Routing.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\9a541383d78143dc386512b092cb58a9\System.Web.RegularExpressions.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\0db8a7c8fae88d5e8d3fae1787f01c43\System.Web.Entity.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\793107042814869ffcf96bb21af5a5c1\System.Web.Entity.Design.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\a40d32e42e3aab08e4bc2fc2cddcee24\System.Web.DynamicData.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\74564af483830e4898d9acf98b14aaa1\System.Web.Abstractions.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\348482b8eb60eb9595a313ed706fa074\System.Transactions.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\71f666396537e860a5ebccc6923b99cd\System.ServiceProcess.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\3fbac653667adb06ac98561f57049751\System.Security.ni.dll
+ 2012-05-16 07:34 . 2012-05-16 07:34 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\3805923cd6a0d7c9c4c872c1ede4619d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\c944f6d1355c8e02be1b6adb9022efd8\System.Net.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\d52b2623571f82c20cc8c6fe8e162a4a\System.Messaging.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\27bb4472bb5e4fe714126010e7c615ca\System.Management.Instrumentation.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 569344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\beb72e4d0964165386096323e4494003\System.IO.Log.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\0e83d3c8f7e6295055548caa2a1a3743\System.IdentityModel.Selectors.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\b48bd4bfbc25e5fb2b6bbc0627bb7aad\System.EnterpriseServices.Wrapper.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\b7b3b4681359f5ced9d65e88d09a81f6\System.Drawing.Design.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3d2da45f50b57ab5871ff32fa9a0fa71\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 493056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\c1999d1e18a7c62be8765f97398c1b7c\System.Data.Services.Design.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\2e18ba464979573aa3dcf04e07e79d87\System.Data.DataSetExtensions.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\58d7e28f550aa89ebc5046b960525b46\System.Configuration.Install.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\3de11837ee6fc7bda6f50bdc8eed68ce\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-16 07:37 . 2012-05-16 07:37 890880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\eb850c90fad10f90fa495be2efa5d8ec\System.AddIn.ni.dll
+ 2012-05-16 07:37 . 2012-05-16 07:37 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\236fe667af3ca016ae66a5b08fb94bd8\System.AddIn.Contract.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\9cf7f4430b8c379ca9bfe4428932af5e\sysglobl.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\510283052ba3df05080787d71eb6fa31\SMSvcHost.ni.exe
+ 2012-05-16 07:39 . 2012-05-16 07:39 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\97ef3ca694f50f101c0b369e3c3528cc\SMDiagnostics.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\dc82ea5f368056cb5340c270bb75becb\PresentationFramework.Classic.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\76933856fb4dd9f9cf17136aac2ca38c\PresentationFramework.Luna.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\5a95213214431ffa96c6e4dbfa36345e\PresentationFramework.Aero.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\57138d0d992b152869c9bb250e9d3735\PresentationFramework.Royale.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\7a6aa6677bc211e2099940c2e7efb750\napsnap.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\9f0fd74c37ad79dc7d5cd30026223c97\napinit.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\4a034fcf374482db0b2cb8a7f661608c\naphlpr.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\41854d8487d49fad7f177425b6c781f7\napcrypt.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\02fa94543dd6ba737d98562e9a42e519\MSBuild.ni.exe
+ 2012-05-16 07:41 . 2012-05-16 07:41 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\85e4c8805347480c7a1b97f3fba54293\MMCFxCommon.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 681472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\d4a321be6b1775b27e878d5866ac9b6d\Microsoft.WSMan.Management.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\bdfc36a270290eeff2dfa72949ff20ca\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\915c41bb932618c4abf94b123df9ceae\Microsoft.Vsa.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b90d3fa08fb2f482ec06283b20bf4525\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Practices#\e6bacf3c841c4df3f2dc52b9e4214d08\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 451584 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Practices#\55d9c740edfed67152f67663380d824f\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 436736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Practices#\1a0324ab09d0224e7532448f669b1f58\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f50a903783750e4c093cbf105f334ead\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\65d6ad0aa6d85a25d2840ab5f7d7405c\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3acefb890be23403069123754db8a8d1\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2708d6ea3f3db7891db1a609018064d8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\fe529847ae6fd62b1ef4e0ce5ab14569\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\62e3cbb17abebaf9ea084cffb9fab0b7\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4817b5f63709e4dbf02cfa2f1fbf68dd\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\29c42a85dce9c813e64c8c7e7c1a713c\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\14b89978817f3f74a7f5964f21d78ef0\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\10492ed390f72165b7701b0b209f41b1\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\0e7cbd0361f32288ba6d9010608fffb9\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 797696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\982b45a798752360cc28a6bd40b439fa\Microsoft.ManagementConsole.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\6f1c7692333bbe4aba03d4c68cd56210\Microsoft.Build.Utilities.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\05ab0f916af911347d5b7fda20fab3e3\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\a92742de12c5358a722d9b81f4c93f8b\Microsoft.Build.Framework.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\4d843288146d5c6ddcd942e1d68b510b\Microsoft.Build.Framework.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\9435c4788924ed688417b3087ff5cdd2\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 331776 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\16d01862bde8b0bec27af9e3346f8209\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 107520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\1302272bd95a6d5bbeaf3e1a832f2552\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\d0c9c13cbeb5e9d29c3300c7dc6ad18f\Mcx2Dvcs.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\b65913a9eb492b4ec40363f59badb1cb\mcupdate.ni.exe
+ 2012-05-16 07:40 . 2012-05-16 07:40 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\6de88da68ff92581d1bce3deaa25d9c0\mcstoredb.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\d77784d57cde949b3d0314f70b724120\mcplayerinterop.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\c35cda7fc41b48607b9c85a956fc39d6\mcGlidHostObj.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\07d8613ab03648bcfed976e469523541\MCESidebarCtrl.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 660992 c:\windows\assembly\NativeImages_v2.0.50727_64\Interop.WUApiLib\19b52fcc63d4525c601109defcfff247\Interop.WUApiLib.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\6ac6c70eca79dc3d803241ae6b8c4911\EventViewer.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\80ae3deb3ce5b39e8134838689f5e616\ehRecObj.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\81a510ea5fd14aa30ff41d4fc7f74161\ehiWUapi.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\608233581ceee7892045ebae25b48248\ehiwmp.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0ff5bc978a9279d484cdf59d919e60df\ehiUserXp.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\75957f1e4c465eb8053fb9f235c5c696\ehiiTv.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\165c31078ab64ffe338512b778f3a645\ehiExtens.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\097208918b41f71a55e52cf2e8a14b9e\ehiBmlDataCarousel.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\e59e98a748cfb940f1ec7032d0d634c9\ehiActivScp.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\31d694b6e7f85c1ef3548b8b8e643dfd\ehExtHost.ni.exe
+ 2012-05-16 07:39 . 2012-05-16 07:39 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\f5cd36f9696a44997ffb61cc38067006\ehCIR.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 453632 c:\windows\assembly\NativeImages_v2.0.50727_64\DriversHQ.DriverDet#\b2676e4534f60dd475744708e01f0a4b\DriversHQ.DriverDetective.Common.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 537600 c:\windows\assembly\NativeImages_v2.0.50727_64\DriversHQ.DriverDet#\7b45c988dc6db1164d517836f1a0cdda\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\DriversHQ.DriverDet#\685e637e65d79f9a87e3322a1591c7de\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\e7e8991e9dfce879c22b2647edb72287\CustomMarshalers.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\bad60d21de09740f3c2a498fa4aaa7b0\ComSvcConfig.ni.exe
+ 2012-05-16 07:38 . 2012-05-16 07:38 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\a7fd2038556fca7f411cf6f0a62c1671\BDATunePIA.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\7147f05323513c402a48573eecb8cac7\XPBurnComponent.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2aac794e7890acc1a1430e065e16b31a\WsatConfig.ni.exe
+ 2012-05-16 07:45 . 2012-05-16 07:45 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\b9dc7a6e382fd0d26176c58ecce0ba09\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fa2f3625c3b5ee3a8d448f0c670fcff3\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ee010540c4ed2ecc3f9cdd848d25afb1\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e040c9e32d2b6ec6aab2e0d55df8642a\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c7d1f7b40c3e926235de0b3a5b9c333a\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b1f51c1ca821dc30de115903fa3ff89f\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 890880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a8bb95de06e77c96568a217d737ed051\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9423cdd3034e4b9f28d15b8bb16b81f5\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\92e2ce445600ffad38256d36b3ee4b77\WindowsLive.Writer.Api.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\708342fbde17b6e9869d3ecf2520ebbd\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\66d9e139e0f27e9b1e27158fd87ee00a\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4aa77cc1279580e3da0797a02ada88f1\WindowsLive.Writer.Interop.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 780288 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\44bfec6d459d794b7f0e8ddee22edb98\WindowsLive.Writer.Controls.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2aeadf3af88f0b1c4e7096415a15b529\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\26ba2702eaf0d1badfa87109c5a13ddc\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\8f957e9088d35be4757139a607fbab89\WindowsLive.Client.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\38c7b1199d544eeec3e4df39e1b8125a\WindowsFormsIntegration.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5e398c245811fe932ce6bcf68664e307\UIAutomationTypes.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\42378a09ba2a003848de7d2cfeb1c56a\UIAutomationClient.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\816210dd625e1f83fdc4c390c05eaa39\TaskScheduler.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\496033ebd93c3381e4ba09486bf23cc3\System.Xml.Linq.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fd3d5330dcbb6008e561c8e08dda3f3b\System.Web.Routing.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\e6a25bb61babf2ad6d6fa3256a2ea41a\System.Web.RegularExpressions.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\521b21223611de894d88c24d70bfec1e\System.Web.Extensions.Design.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\11b452b0f0e9e6c5b84cbf4b9e0b2906\System.Web.Entity.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\287413c3a7948acc8b32770f738ac24d\System.Web.Entity.Design.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c7b032f865f68d8ed7134d15f5f9ff18\System.Web.DynamicData.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2f6d1381e071c6d15efe6b33a762817a\System.Web.Abstractions.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\49ed832fa09c702258b6ed873c485428\System.ServiceProcess.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\35fcbda2532ece23d09a044aa2ef62a4\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\cd8ad97063680071342f13d12376fd17\System.Net.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\44cdbda89fda50d3ae4ef0062d871d7e\System.Messaging.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\c9986072b91eb63728d4843ae798e121\System.Management.Instrumentation.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\870427539c6829f750490719470bfa22\System.IO.Log.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f93d41cf41160cc660aea5eb8be181d6\System.IdentityModel.Selectors.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.Wrapper.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aad1941e0b3bd9cf27abd9a5c6aa4e43\System.Drawing.Design.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bbede691e8386ac49379edad37eb7e3c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77fb2ee5038b95bb20353a305918df9e\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\4c7d1e5492f79ac7217577e45a06f559\System.Data.Services.Client.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\35dfab6426c2a64cae53944e19623dca\System.Data.Services.Design.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\71d6318c39c6ee8abb7c3ae61cf2fd4f\System.Data.Entity.Design.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f1cef2fd7b12da72654f2522f169d2e\System.Data.DataSetExtensions.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f96bc91c85c7aafc6cc0f04742359564\System.Configuration.Install.ni.dll
+ 2012-05-16 07:37 . 2012-05-16 07:37 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\db477bc003958f524c72bc30040f0899\System.AddIn.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\51f227c6d989cd851b46ac157df263a3\sysglobl.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4bc345ee664ca736a30a7fafd8c5a16c\SMSvcHost.ni.exe
+ 2012-05-16 07:45 . 2012-05-16 07:45 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\26a852935ab27c328a148effb43a76bf\SMDiagnostics.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fcdfda3443709bbe8d0a44cf2e0e1660\PresentationFramework.Classic.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d85fc1508cff1e635f87b4afb4f4cc9a\PresentationFramework.Luna.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\056f7ed4e914569f97b47631c0ade534\PresentationFramework.Royale.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\c06cabe7cc72d1f18bb454f6f4e1c124\napsnap.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\7ca76665c67d005c42b36ee5fa780eee\napinit.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\5de0fa9a3f84bad3c0827c3f77387c25\naphlpr.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\b31fec98f29b3530a72c044d36c88cfa\MSBuild.ni.exe
+ 2012-05-16 07:45 . 2012-05-16 07:45 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\2c915521c7e4dbe76780d123d1f8d259\MMCFxCommon.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\530aebd2f4fb78e463e4622b53fa1d29\Microsoft.WSMan.Management.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0329bf8cfafd687cee2b2d682d182ce9\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 148992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\ffb263e957668c76fdb88e1ba034230d\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 308736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\e97a98b287bb786ed935e9ad38813d67\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 303616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\5192a980fe0979f9fd6c03640664e0c2\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ec25dcf853949dc1b1055f0a8d3d3817\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d664a2c965541177d610a2deffd28a29\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 785920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d3719732987a18c70428002240fa0271\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\83032d78b29cd09caf0ef69d05d33cd3\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6140e4423431468afff328b69276bd43\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\56c4103033df8fc653ada2246689cecc\Microsoft.ManagementConsole.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a3163f28829b22e3ae962dbaa9216028\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4e130bab9541f548007f649552225772\Microsoft.Build.Utilities.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c617adec91d29b55d0690ace389d1b46\Microsoft.Build.Engine.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\aa7fe29b3123fc147df14c38b18aed9d\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 230400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\732a31d2913e0652eca4888cf1790398\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\6b3830a6c3f619389a49d05164a9306f\mcstoredb.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\947b3df1a43bff9b6c6ffc2526a172c2\Interop.WUApiLib.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\30b555c6b4d92466e6b08b3f23044af1\EventViewer.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\44cb15eb402bd0ca508daca85020225a\ehRecObj.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\ae72fa5ad8bbb6651ebe2c56dabbd193\ehiVidCtl.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\f627a0274101e3dae80ddcde40885795\ehiProxy.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\b052b90444da59b2ebd1d6485cf49605\ehiExtens.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\237b3740b5aa69cf33124f3d7623b706\ehExtHost32.ni.exe
+ 2012-05-16 07:44 . 2012-05-16 07:44 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\7f39bb27fd8db92f9b3b7d18c50cb782\DriversHQ.DriverDetective.Common.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 378368 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\0b52292a3388b2f80283a142def3ebe0\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\1435db5dea878f59191dc112a40e2185\CustomMarshalers.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\1d948af5bf966ad1277936a6e30f91e3\ComSvcConfig.ni.exe
+ 2012-05-16 07:44 . 2012-05-16 07:44 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\7ac2fa31914eca722b63ebd994550211\BDATunePIA.ni.dll
+ 2012-05-15 19:45 . 2012-04-06 00:49 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2009-07-13 21:10 . 2009-06-10 21:14 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-15 19:46 . 2012-04-06 00:49 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2009-07-14 00:35 . 2009-06-10 21:14 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2009-07-14 01:01 . 2009-06-10 20:30 357376 c:\windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-15 19:46 . 2012-04-06 00:45 357376 c:\windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2009-07-14 00:35 . 2009-06-10 21:14 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-15 19:46 . 2012-04-06 00:49 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2009-07-14 00:03 . 2009-07-14 01:41 1402880 c:\windows\system32\spool\drivers\x64\3\JNWDRV.dll
+ 2012-05-15 19:44 . 2012-04-02 05:24 1402880 c:\windows\system32\spool\drivers\x64\3\JNWDRV.dll
- 2009-07-14 04:45 . 2012-05-15 19:39 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-16 07:33 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-20 16:03 . 2012-05-16 07:29 1184568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933807018-2255335940-2543778444-1009-8192.dat
- 2011-12-20 16:03 . 2012-05-16 02:26 1184568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933807018-2255335940-2543778444-1009-8192.dat
+ 2010-01-10 21:56 . 2012-05-16 13:24 1848528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933807018-2255335940-2543778444-1000-8192.dat
+ 2012-01-19 17:08 . 2012-01-19 17:08 1369872 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 6429992 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll
+ 2012-01-19 17:52 . 2012-01-19 17:52 3825952 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 5029160 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
- 2011-11-22 03:57 . 2011-11-22 03:57 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
- 2011-11-22 03:57 . 2011-11-22 03:57 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
- 2011-11-22 03:57 . 2011-11-22 03:57 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 1512712 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
+ 2011-12-15 18:01 . 2011-12-15 18:01 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- 2011-11-22 03:57 . 2011-11-22 03:57 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2012-05-15 19:45 . 2012-04-06 00:45 2255952 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
+ 2012-05-12 17:06 . 2012-03-21 22:28 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2011-06-29 18:23 . 2011-03-29 22:26 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2012-02-15 05:14 . 2011-10-31 23:16 3182592 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-05-12 17:05 . 2012-01-04 02:48 3182592 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-05-15 19:45 . 2012-01-04 02:48 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-10-13 04:19 . 2011-07-08 22:32 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2012-05-15 19:45 . 2012-01-04 02:48 1577744 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2012-05-15 19:45 . 2012-01-04 02:48 1765136 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 1369872 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 6429992 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2012-01-19 17:08 . 2012-01-19 17:08 3790112 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 5029160 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-12-15 17:08 . 2011-12-15 17:08 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2011-11-22 02:31 . 2011-11-22 02:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2012-05-15 19:45 . 2012-04-06 00:49 1737296 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
- 2011-06-29 18:23 . 2011-03-29 22:31 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-05-15 19:45 . 2012-03-21 22:29 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-05-15 19:45 . 2012-01-04 02:51 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2012-02-15 05:14 . 2011-10-31 23:17 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-05-15 19:45 . 2012-01-04 02:51 5917456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2012-05-15 19:45 . 2012-01-04 02:51 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-10-13 04:19 . 2011-07-08 22:35 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 5029160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-04-12 07:07 . 2012-04-12 07:07 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-16 07:08 . 2012-05-16 07:08 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-04-12 07:06 . 2012-04-12 07:06 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-05 02:38 . 2012-04-05 02:38 2831360 c:\windows\Installer\a23717.msp
+ 2012-04-29 01:44 . 2012-04-29 01:44 9101824 c:\windows\Installer\a236fc.msp
+ 2012-04-29 01:44 . 2012-04-29 01:44 9586176 c:\windows\Installer\a236d5.msp
+ 2012-04-30 18:38 . 2012-04-30 18:38 5011456 c:\windows\Installer\a236b5.msp
+ 2012-04-05 02:38 . 2012-04-05 02:38 3620864 c:\windows\Installer\a23656.msp
+ 2012-03-15 06:24 . 2012-03-15 06:24 1795584 c:\windows\Installer\a2363b.msp
+ 2012-04-29 01:43 . 2012-04-29 01:43 8459264 c:\windows\Installer\a23607.msp
+ 2012-02-17 12:45 . 2012-02-17 12:45 2299392 c:\windows\Installer\a235ec.msp
+ 2010-01-26 00:00 . 2012-05-16 07:12 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-26 00:00 . 2012-04-12 07:04 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-26 00:29 . 2012-05-16 07:12 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2010-01-26 00:29 . 2012-04-12 07:05 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-05-16 07:12 . 2012-05-16 07:12 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e41f5739292f4771c64a55940369efd2\WindowsBase.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\6ee9d76d9f1e618cd6fb94b13355bcc9\UIAutomationClientsideProviders.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\28ca4f076264ab07f1d00a6c9623dc49\System.Xml.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df013cbfec0defc7e9997cdaa90b89bc\System.Xaml.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\9e50e3bca6cb19f9acab815d46f5e7e5\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bc6df78c506c89659ab7be738179b2ba\System.Web.Services.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\cd7c3aed4408c3554c30a8f0236b90e1\System.Speech.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\94289b88c5b494f572cd7114fa995487\System.ServiceModel.Activities.ni.dll
+ 2012-05-16 07:18 . 2012-05-16 07:18 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\2dbc7aabd92cc0d470acb455c498d919\System.ServiceModel.Discovery.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\affb28e2d9cc3c19de0758e7e8c68e8f\System.Runtime.Serialization.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\b37e6f4b1d742031f328504eb99d0f6c\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\682ea473b36fc9043d982c4f5a667568\System.Printing.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\b83f2453b4538b2e80fe09cfd94dce00\System.Management.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\60bf6251873ef465abcebeb9a24b7932\System.IdentityModel.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\8e10d4f2a408dc5a9740f8d0df5cebac\System.EnterpriseServices.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\dadeee26c90fecbf3196eba10dc077b4\System.Drawing.ni.dll
+ 2012-05-16 07:16 . 2012-05-16 07:16 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\a68116468a194678fd04167067134712\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\3a737af86a6a819af97a6d1a04c0e944\System.DirectoryServices.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\f20144fba069563333d0f6be2e0b6e06\System.Deployment.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\0ec8effb7b9d03ae69d37922813bc880\System.Data.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\0eb72df497fad5c273ff16f88b0fb950\System.Data.SqlXml.ni.dll
+ 2012-05-16 07:16 . 2012-05-16 07:16 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\536e12016ad3adc78e0708b77e6b9219\System.Data.Services.Client.ni.dll
+ 2012-05-16 07:16 . 2012-05-16 07:16 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\86553c1d7f3e66c17fc3e0274de7a2de\System.Data.Linq.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\6aea67f24827961ce1d48356715389d8\System.Configuration.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\eac19ca5a18a6d08cd247e68b618ba68\System.ComponentModel.Composition.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\3869077874ba987242c791b3a18b2f8b\System.Activities.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\a7c19841c70fbce3b17ad3a46ee410d8\System.Activities.Presentation.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\96083298999a677341c98fc2bf01b248\System.Activities.Core.Presentation.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\fe1704ff12348776e6b70dd4a2c69163\ReachFramework.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\b0b05b1ecbfb813474f685de13027585\PresentationUI.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\a36cd27bd492b55a5f443a4b4029f569\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\93536d93a44ce7d5a60faf1aeb55f49e\Microsoft.VisualBasic.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\16425c121db8083cbaa51f619c9e51e7\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\5284682fcf04815a86233bcaf696da66\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\4b1d24a96b3882f9e77445e48a7c59ee\Microsoft.JScript.ni.dll
+ 2012-05-16 07:12 . 2012-05-16 07:12 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1ff62486cdefbfc2dab41b686a9aa4e2\Microsoft.CSharp.ni.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\24ed0e1df6a605cdb2088f87ae2ab8ff\UIAutomationClientsideProviders.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\8ca12588b9ef54dbd02e607699fea6ae\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71\System.Web.Services.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\f368c85283c4e6c9650dd1c8d369dcc5\System.Speech.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll
+ 2012-05-16 07:21 . 2012-05-16 07:21 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\bd371863e99082fa48cd630a73259448\System.Printing.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\0fe1e56d17858b6156a3a46330f75f27\System.DirectoryServices.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\75b4d98f7c7a434aff4e18cb724deae4\System.Deployment.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 2550272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\fdb98c6d783fe167c1dc0022f27b7cd6\System.Data.SqlXml.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b894a1df3e6d58ada8f1aa303465ca23\System.Data.Services.Client.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\82c0c56ff8259e1440cfd0d5727a26d8\System.Data.Linq.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 7069184 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 4129280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\51025a1c89f6fd752a5396a059d608b2\System.Activities.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\ebdd265de5f0300069da5f64983eca82\System.Activities.Presentation.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1546752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\66893548d2b2cad29cabf3b3578f356f\System.Activities.Core.Presentation.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\4b6c6c090a1bcfe70c056f6c7116e8a9\ReachFramework.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\ea5933189eb5f066028b6e7d27d1d797\PresentationUI.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ebae0a4b7d3ae616b70417e6c778f48c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\92694d06b9da1bff8e1722913a1d62bc\Microsoft.VisualBasic.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\42a7f127f3fda82fb12c6a6e144d08c1\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-05-16 07:19 . 2012-05-16 07:19 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9a37f4e64ce5b856ac3892fef064c7de\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\cfcc92c125ddfaabad24abe61cfc0471\Microsoft.JScript.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 1616896 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9912b6d76c1017b5af6ef24730f550ca\Microsoft.CSharp.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 4927488 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\7cdb4f5d0ff25c672e52a333ee394bb8\WindowsBase.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 1458688 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\916d509de3e37ffe61381dc35ee84575\UIAutomationClientsideProviders.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\c40cbbdf7af03daedb16f4d9ef1b6f5f\System.Xml.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 1817600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\40fce8294696001d3173082a7ed926cb\System.WorkflowServices.ni.dll
+ 2012-05-16 07:37 . 2012-05-16 07:37 2707456 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\47b1ab994a04ce5c86ebce127aee0cdc\System.Workflow.Runtime.ni.dll
+ 2012-05-16 07:37 . 2012-05-16 07:37 5955072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\3e5e0f85dbb392338bfbccdf1a422a81\System.Workflow.ComponentModel.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\478bf65037218ac93aeabfe9be3618a8\System.Workflow.Activities.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\fedfcde924e0675f0d54fdc9c99a384c\System.Web.Services.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\4f53b7366ae3155567199e9c5dafb3fa\System.Web.Mobile.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 3043840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\dc09d79b9edef19b18625c52e043a33c\System.Web.Extensions.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\bd9d4f497a28d1b42339ec9794878619\System.Web.Extensions.Design.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\070cd8d59ce62cb6dc5d38b9fecd3858\System.Speech.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\f486134488aa17c44b14af6038a5c8cf\System.ServiceModel.Web.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f37d2ca916cafdabe1c4f6f9c6b2c518\System.Runtime.Serialization.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\17bf0932e5c6cb8ba59046456f13328d\System.Runtime.Remoting.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\0723e51c552c452678f29554d765cdd1\System.Printing.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 1408512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\bc4eb71543857d07a7401eab3a93d412\System.Management.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\8310af7cfed169c2e806347dfd31ed03\System.IdentityModel.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\b48bd4bfbc25e5fb2b6bbc0627bb7aad\System.EnterpriseServices.ni.dll
+ 2012-05-16 07:34 . 2012-05-16 07:34 2317312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\8636d00875c34d840f00ff2374042802\System.Drawing.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 1229824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\d0f7e6fad3bf0b055fa9b1d0e5d43305\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\09fa848feffe98e25571f12ba6533b71\System.DirectoryServices.ni.dll
+ 2012-05-16 07:34 . 2012-05-16 07:34 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\f78e7943cc7e0f345d12019c4301f618\System.Deployment.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 8692736 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\d223792883556acb200a74d695a1c2c5\System.Data.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\e2bf05478288e42b7d5b3953303b43ea\System.Data.SqlXml.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 1846272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\027818d739a4d16c6c6a6d3a3f97d5ed\System.Data.Services.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 1289728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\ce4bbe0a9167e14e22e97c188649ef95\System.Data.Services.Client.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\a3f0cb65205bc8101de152a3049efa53\System.Data.OracleClient.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\611d21d7fb315802ca1880a6f1c0b8b4\System.Data.Linq.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\4aeeafaf88950db2b1412aa9c1dfc542\System.Data.Entity.Design.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\fb0a7c597f43ec6c1fa7eb5c1404cac3\System.Core.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\dcadcfb938ccdd3f70859fdcdd329ec5\System.Configuration.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 3101696 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\22acde7b46a9cad4b0436385c6b9903e\ReachFramework.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\054482b553b27984bda24a4459d6b369\PresentationUI.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 1881088 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\42dad1fa286c2dfef840436e0117f195\PresentationBuildTasks.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\a740600cbaefec4afd8de70c1c75f572\Narrator.ni.exe
+ 2012-05-16 07:42 . 2012-05-16 07:42 2327040 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\3eb1397829aeb2408ff898acb33904fd\MMCEx.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\8b6194eeff2834f8f657a6ad70ced7f7\MIGUIControls.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\398a7f3447fe798b5d7a470748866c54\Microsoft.VisualBasic.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 1598464 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\f0d782756caeea9306a63de672c6da6e\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 2175488 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fc0dc8cdb3ee38e9a9eda92522ab1e3d\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f99d492441caaf40f1825b2fb1bb018d\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b2a90c6f1e99fd284159c30dfe2f34e8\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 5351424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3f5c64a4319c2a6b34c47a37acbfc0e5\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cc1a3125cc25ececf6bdd96313e1b43d\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5940bb2af41ce045c35a68977ce3d1f6\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 1516032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\412abec4a101fce0b9e37d09b3829ddf\Microsoft.MediaCenter.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3b2137602ecc3ad77f6f1cb9fec8d935\Microsoft.MediaCenter.UI.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\0542d171e88a5d01c6f465d4d7cb2608\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 3208192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\729baa115f5b270a3b161e72ef7f5351\Microsoft.JScript.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\725cc0ffc106eee638d854e0e6d841a2\Microsoft.Ink.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\e9c66f026559f5907afb717a7f419542\Microsoft.Build.Tasks.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 2677760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\26582383c3f3fab9f2f302acfe9db979\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\dc5d8b624b01a2a1db10e4ed5be18b93\Microsoft.Build.Engine.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\3a40ad58fa2e38681f57c1f1e641e329\Microsoft.Build.Engine.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\269c4d2e1d81702c829589ee2616f152\mcstore.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 4086784 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\c83d93208a390e05a61e34216be32d35\mcepg.ni.dll
+ 2012-05-16 07:40 . 2012-05-16 07:40 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\5d36ff5947a27bcb6028b1341799f15d\ehiVidCtl.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\2260f0ed059f4db1564c6015bb1a591d\ehiProxy.ni.dll
+ 2012-05-16 07:38 . 2012-05-16 07:38 5633024 c:\windows\assembly\NativeImages_v2.0.50727_64\DriversHQ.DriverDet#\aa81a07ab8599e7f859724c75ddc4b20\DriversHQ.DriverDetective.Client.ni.exe
+ 2012-05-16 07:38 . 2012-05-16 07:38 1581056 c:\windows\assembly\NativeImages_v2.0.50727_64\DriversHQ.Common\a596111e971e177f3f7996a83e77cc61\DriversHQ.Common.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8484d523c38a7efd276ee3338e060963\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 7024640 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5b941ab52aa2ecc39b80098019dcb795\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1284608 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3efc59e0040331857fa90ea4c785271e\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\319031a2ce550bba3eb041ead3d99791\WindowsLive.Writer.Localization.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\7f102c92f212048da706c724d5809f12\UIAutomationClientsideProviders.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 7952384 c:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\13796de8a54987bb81962fc88ebc5589\System.WorkflowServices.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5200c29898fe3425993ac296aa658b46\System.Workflow.Runtime.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\7dcb5b6841443367e63641a90497efa0\System.Workflow.ComponentModel.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a0e8a6d93aeafe497170c27addc916e4\System.Workflow.Activities.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d22418c5321007d35bb4fd24b45b1193\System.Web.Services.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5032e48a0c8aa274e94c7ffb4758ed41\System.Web.Mobile.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 2403840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\353f1fed8b73483d8701369165a801dd\System.Web.Extensions.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\f68d50b9cfb466c62939548433943b3f\System.Speech.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b744ac6047519b7b186db4d77a78ca0c\System.ServiceModel.Web.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\7a14d8a3491b651ee388e888a86c3eee\System.Printing.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 8871936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\c9b40cfc4764cf4f9585897f6d2d6110\System.Management.Automation.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\027d378a0f7111c18fb687d2948088a9\System.DirectoryServices.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\309eebf17dd056ae1ca53e043ba5761e\System.Deployment.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 6618624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e8dd334aba14a540d9ac95e372564310\System.Data.SqlXml.ni.dll
+ 2012-05-16 07:47 . 2012-05-16 07:47 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\30664d5f93b99eb6e51900ec8137909d\System.Data.Services.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\e05825b235c398d3148bbac51abab75d\System.Data.OracleClient.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\98bbe3c24de8dfbbfa6faa685fac7632\System.Data.Linq.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 9921024 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\e7f8e31dd8f015e08388619be47e632c\System.Data.Entity.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5da719affe4a2b197bcbba58c3a539db\ReachFramework.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\2452f24ad176da2f23b3818cbaf55f99\PresentationUI.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 1449984 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\178be2ae406d87f35b4f22458af0d448\PresentationBuildTasks.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\dcdc552cdee180749bced4cccdb67ae8\Narrator.ni.exe
+ 2012-05-16 07:46 . 2012-05-16 07:46 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\abaeeaab7cef7f99e98de64782bb4429\MMCEx.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\593745afe5a5c7b6e23d0d91561fe1d1\MIGUIControls.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\0b49f79d0cc797b403f61bee47f078c5\Microsoft.VisualBasic.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7f5335e134e48d154c8cc8aa5d1d9cce\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 1705472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6a81878ac094031e85d9b01001dee716\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\45e18183af9d6ffc68aade1906a693c2\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-16 07:46 . 2012-05-16 07:46 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3e9faf43d0c02f801560382ed3d74c40\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8dde71da2dd70e02910501b55eba50b5\Microsoft.MediaCenter.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\60f6e71007b7619a8e8e924734a34112\Microsoft.MediaCenter.UI.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 2332672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\45c2fc4880b3ea85ee32d106553d5484\Microsoft.JScript.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\56430813a696f8928d5ef1e112b209a7\Microsoft.Ink.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5360ec6a331552c16d419d384b4a333c\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\464cccd260644e399417fe52afadcd98\Microsoft.Build.Tasks.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\cf8b29164df493cae5121e9da162150a\Microsoft.Build.Engine.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\cf45e23d0b1d0df73a4f0c87b9f300d9\mcstore.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\9b8e2dfba66cb800d532e0f9596b336f\mcepg.ni.dll
+ 2012-05-16 07:44 . 2012-05-16 07:44 4675584 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\15eacc5453fcee5e5368e249c6683c01\DriversHQ.DriverDetective.Client.ni.exe
+ 2012-05-16 07:44 . 2012-05-16 07:44 1132032 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.Common\4dd1d86248bf710d1757dec1f4ef2d78\DriversHQ.Common.ni.dll
+ 2012-05-15 19:45 . 2012-04-06 00:49 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-23 19:43 . 2010-03-02 23:24 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-15 05:14 . 2011-10-31 23:17 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-15 19:45 . 2012-01-04 02:51 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-29 18:23 . 2011-03-29 22:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-15 19:45 . 2012-03-21 22:29 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-23 19:43 . 2010-03-02 23:24 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-15 19:45 . 2012-04-06 00:49 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-15 19:45 . 2012-04-06 00:45 2255952 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
+ 2012-05-15 19:45 . 2012-04-06 00:45 3997696 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-13 04:19 . 2011-07-08 22:32 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-15 19:45 . 2012-01-04 02:48 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-15 19:45 . 2012-04-06 00:49 1737296 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
- 2010-06-23 19:43 . 2010-03-02 23:24 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-15 19:45 . 2012-04-06 00:49 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-15 19:45 . 2012-01-04 02:51 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 04:19 . 2011-07-08 22:35 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-07-14 02:34 . 2012-05-16 03:30 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-16 07:44 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-01-11 00:33 . 2012-05-16 07:12 57848688 c:\windows\system32\MRT.exe
+ 2012-05-15 19:45 . 2012-01-04 02:48 10005264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2012-01-19 18:20 . 2012-01-19 18:20 11997696 c:\windows\Installer\a236c3.msp
+ 2011-12-15 18:54 . 2011-12-15 18:54 39732736 c:\windows\Installer\a236a3.msp
+ 2012-05-16 07:01 . 2012-05-16 07:01 20343808 c:\windows\Installer\a235dc.msp
+ 2011-09-16 00:42 . 2011-09-16 00:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2012-05-16 07:06 . 2012-05-16 07:06 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\935aea6e7eae16674abdd96a68ec97af\System.ni.dll
+ 2012-05-16 07:15 . 2012-05-16 07:15 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\401ebcc2dd54ce1e0d63a544f7ed7b8a\System.Windows.Forms.ni.dll
+ 2012-05-16 07:17 . 2012-05-16 07:17 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\c4cc7eb7733c4221c32caccfd66ae320\System.ServiceModel.ni.dll
+ 2012-05-16 07:16 . 2012-05-16 07:16 18479616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9df4e7ae75baa7bbb1af30c8061a6e9b\System.Data.Entity.ni.dll
+ 2012-05-16 07:11 . 2012-05-16 07:11 10440192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\b64f213e823a591607c45fac4997801e\System.Core.ni.dll
+ 2012-05-16 07:14 . 2012-05-16 07:14 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\34c2013b5f730680bd610d6a98d2977f\PresentationFramework.ni.dll
+ 2012-05-16 07:13 . 2012-05-16 07:13 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\4464e9df7184e3393b4cbb0f6dc286ba\PresentationCore.ni.dll
+ 2012-05-16 07:06 . 2012-05-16 07:06 19353600 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\6087fce8f76d9af69af496cb10b7d1ee\mscorlib.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
+ 2012-05-16 07:20 . 2012-05-16 07:20 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7aa839fb16503243d6ae454ab334bcf4\System.Data.Entity.ni.dll
+ 2012-05-16 07:10 . 2012-05-16 07:10 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll
+ 2012-05-16 07:09 . 2012-05-16 07:09 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll
+ 2012-05-16 07:07 . 2012-05-16 07:07 14412800 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 10605056 c:\windows\assembly\NativeImages_v2.0.50727_64\System\6ec488b702c100ad5d3e712db0e88554\System.ni.dll
+ 2012-05-16 07:34 . 2012-05-16 07:34 17382912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\25dda503f77f3786a3944794ece71d14\System.Windows.Forms.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 15252992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\531db786f4ac5b7579d3628f641c34e4\System.Web.ni.dll
+ 2012-05-16 07:39 . 2012-05-16 07:39 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\de361406af8223de5eaa109782ea8272\System.ServiceModel.ni.dll
+ 2012-05-16 07:42 . 2012-05-16 07:42 11898880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e8015a653e9913ada402b8361ced3d7e\System.Management.Automation.ni.dll
+ 2012-05-16 07:36 . 2012-05-16 07:36 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\f69aad54f3b9482d7ebf99b4f875e31c\System.Design.ni.dll
+ 2012-05-16 07:43 . 2012-05-16 07:43 13757952 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\b0920f4fb4f89400b383e2db88209bf5\System.Data.Entity.ni.dll
+ 2012-05-16 07:35 . 2012-05-16 07:35 19173376 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a07c96ec1f80a7fc6707630e06a41a5b\PresentationFramework.ni.dll
+ 2012-05-16 07:34 . 2012-05-16 07:34 16517120 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\d996fe58d9df5844dc92c35c919ece21\PresentationCore.ni.dll
+ 2012-05-16 07:33 . 2012-05-16 07:33 15568896 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a7b48ad2929bc93362ec42cd4573f87\mscorlib.ni.dll
+ 2012-05-16 07:41 . 2012-05-16 07:41 25462272 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\2c5f869682d8433bfb7d4852cef560a5\ehshell.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 11824128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
+ 2012-05-16 07:45 . 2012-05-16 07:45 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\4f666ac122e3aad29ca6f0a3703f18c6\System.Design.ni.dll
+ 2012-05-16 07:32 . 2012-05-16 07:32 14325760 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\06623b3ab0c6af2ebba43aa2fa0e211f\PresentationFramework.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 12218880 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\43c26b0f01acc4b15423a49af278e1df\PresentationCore.ni.dll
+ 2012-05-16 07:31 . 2012-05-16 07:31 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files (x86)\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37 221184 ----a-w- c:\program files (x86)\Family Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files (x86)\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2010-09-02 176408]
S2 X5XS64Ex;X5XS64Ex;c:\program files (x86)\Free Ride Games\X5XS64Ex.Sys [2009-08-19 51744]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 04:39]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 04:39]
.
2012-05-15 c:\windows\Tasks\HPCeeScheduleFordavid.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-05-15 c:\windows\Tasks\HPCeeScheduleForlynne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-05-12 c:\windows\Tasks\Norton Security Scan for LYNNE.job
- c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-04-22 10:23]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1380584]
"combofix"="c:\combofix\CF16818.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files (x86)\Family Toolbar\mhxpcomi.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-05-16 09:31:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 13:31
ComboFix2.txt 2012-05-16 04:11
.
Pre-Run: 86,202,249,216 bytes free
Post-Run: 86,016,061,440 bytes free
.
- - End Of File - - 9370F26EBDFEC0E1C512A46C0E9D0384


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 10:25:54
-----------------------------
10:25:54.569 OS Version: Windows x64 6.1.7600
10:25:54.569 Number of processors: 2 586 0x602
10:25:54.569 ComputerName: DAVID-PC UserName: david
10:25:56.503 Initialize success
10:26:10.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
10:26:10.046 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
10:26:10.046 Disk 0 MBR read successfully
10:26:10.046 Disk 0 MBR scan
10:26:10.061 Disk 0 unknown MBR code
10:26:10.061 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:26:10.077 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464611 MB offset 206848
10:26:10.108 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12227 MB offset 951730176
10:26:10.155 Disk 0 scanning C:\Windows\system32\drivers
10:26:16.457 Service scanning
10:26:28.298 Modules scanning
10:26:28.298 Disk 0 trace - called modules:
10:26:28.313 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
10:26:28.313 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bf3060]
10:26:28.828 3 CLASSPNP.SYS[fffff8800194c43f] -> nt!IofCallDriver -> [0xfffffa8003c8fc90]
10:26:28.828 5 ACPI.sys[fffff88000f4a781] -> nt!IofCallDriver -> \Device\00000051[0xfffffa80046b16c0]
10:26:28.828 Scan finished successfully
10:26:56.971 Disk 0 MBR has been saved successfully to "C:\Users\david\Desktop\MBR.dat"
10:26:56.971 The log file has been saved successfully to "C:\Users\david\Desktop\aswMBR.txt"



OTL logfile created on: 5/16/2012 10:29:00 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\david\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 61.82% Memory free
7.75 Gb Paging File | 6.08 Gb Available in Paging File | 78.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 80.95 Gb Free Space | 17.84% Space Free | Partition Type: NTFS
Drive D: | 11.94 Gb Total Space | 2.17 Gb Free Space | 18.20% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 10:27:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\david\Downloads\OTL.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/16 03:44:55 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012/05/16 03:32:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/16 03:32:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/16 03:32:19 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/16 03:32:11 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\06623b3ab0c6af2ebba43aa2fa0e211f\PresentationFramework.ni.dll
MOD - [2012/05/16 03:31:51 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/16 03:31:49 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5e398c245811fe932ce6bcf68664e307\UIAutomationTypes.ni.dll
MOD - [2012/05/16 03:31:48 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\43c26b0f01acc4b15423a49af278e1df\PresentationCore.ni.dll
MOD - [2012/05/16 03:31:39 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/16 03:31:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/16 03:31:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/16 03:31:30 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/16 03:31:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/04 20:52:24 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/06/30 00:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/30 00:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/30 00:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/30 00:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/30 00:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/30 00:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/30 00:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/30 00:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 18:42:36 | 000,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/03/27 14:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 16:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/08/13 16:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{5BA5F6EE-0B24-4C4E-B239-9258741550EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{5BA5F6EE-0B24-4C4E-B239-9258741550EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\SearchScopes,DefaultScope = {379290B3-8C7E-4127-921C-5C3C3371BE62}
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\SearchScopes\{379290B3-8C7E-4127-921C-5C3C3371BE62}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\SearchScopes\{55CD823B-57C9-4386-AE62-23A6B673BE66}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\SearchScopes\{5BA5F6EE-0B24-4C4E-B239-9258741550EF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNTM_en
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\SearchScopes\{DDE0AF19-47DE-4867-86C6-D9F9B135E684}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/05/16 09:25:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files (x86)\Family Toolbar\mhxpcomi.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O3:64bit: - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1933807018-2255335940-2543778444-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF4B6D31-8A27-4C04-9896-4C32350A8C15}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\mhtb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\rebinfo - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files (x86)\Family Toolbar\mhxpcomi.dll ()
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 10:21:07 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012/05/16 09:31:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/16 09:25:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/16 00:14:36 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\david\Desktop\tdsskiller.exe
[2012/05/15 23:20:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/15 23:20:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/15 23:20:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/15 23:20:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/15 23:20:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/15 23:18:45 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{B823F57A-8728-4139-9B59-C1CCCB2C5637}
[2012/05/15 23:18:33 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{E9A022C1-0C03-4948-8D2E-32800815D8BB}
[2012/05/15 23:01:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/15 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{7D930604-4214-4433-BCCF-ABFEA9EBEF77}
[2012/05/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{786FE559-27DE-4AA3-BDDE-5CCFF7E8D4C2}
[2012/05/15 22:48:45 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\RK_Quarantine
[2012/05/15 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{DB300E95-2532-4EAF-B024-C2C0D3963B14}
[2012/05/15 22:33:46 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{12DD2567-29DC-4925-BCD8-6B313C4BD99F}
[2012/05/15 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{A8893EB1-4557-403A-8E89-D7A878877380}
[2012/05/15 21:25:33 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{B764E62B-D643-498D-844B-8E4C52790142}
[2012/05/15 20:06:42 | 000,000,000 | ---D | C] -- C:\Users\david\Desktop\virus fixing
[2012/05/15 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{3143E9B7-A263-4BC6-BC9F-6B91B4143C42}
[2012/05/15 19:53:59 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{23161939-FC30-452C-9C68-E0B3A32C18A8}
[2012/05/15 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{E5032266-DFDE-4B50-9212-5DCAE13414F1}
[2012/05/15 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{F7F3B2EC-C3B8-405C-8219-0F5E6C29CB0B}
[2012/05/15 18:05:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/05/15 17:28:40 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{3F7968D4-D306-4DA2-9821-ABDB071BCED7}
[2012/05/15 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{9B07421D-766A-4F9E-B29D-161A386ABF32}
[2012/05/15 17:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/15 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/15 16:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/15 16:55:28 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\TestApp
[2012/05/15 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{240206B3-680E-4D81-854A-CC8CFA464F0D}
[2012/05/15 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{EF491E3D-3F3F-407A-9E05-9B90D0253CD2}
[2012/05/15 16:31:41 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{F32AF9D6-7C47-4076-853C-DE2EC7ACE665}
[2012/05/15 16:31:25 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{0B102CE1-EB1B-4761-B012-F3E856FB4834}
[2012/05/15 16:05:17 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{CA285B2F-4909-4C0E-AEE8-E191DD9E1718}
[2012/05/15 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{76C5FE3C-0073-4853-8017-37FB97FE4F91}
[2012/05/15 15:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2012/05/15 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{10BAFA4E-D63D-4ED9-B164-0412A80FDEBD}
[2012/05/15 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{0429431D-C820-43DF-8FA4-46849C753B6E}
[2012/05/15 12:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/15 12:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/15 12:18:58 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{A421E472-05D8-40BA-A062-79FCF6E0D831}
[2012/05/15 12:18:42 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Apple Computer

========== Files - Modified Within 30 Days ==========

[2012/05/16 10:30:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 10:30:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 10:26:56 | 000,000,512 | ---- | M] () -- C:\Users\david\Desktop\MBR.dat
[2012/05/16 10:23:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 10:22:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 10:22:40 | 3119,374,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 10:21:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 09:25:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/16 09:13:08 | 000,001,154 | ---- | M] () -- C:\Users\david\Desktop\ComboFix - Shortcut.lnk
[2012/05/16 03:30:42 | 000,436,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/16 03:08:57 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/16 03:08:57 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/16 03:08:57 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/16 00:14:38 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\david\Desktop\tdsskiller.exe
[2012/05/15 18:54:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordavid.job
[2012/05/15 15:57:27 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2012/05/15 15:37:11 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForlynne.job
[2012/04/30 10:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2012/05/16 10:26:56 | 000,000,512 | ---- | C] () -- C:\Users\david\Desktop\MBR.dat
[2012/05/16 09:13:08 | 000,001,154 | ---- | C] () -- C:\Users\david\Desktop\ComboFix - Shortcut.lnk
[2012/05/15 23:20:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/15 23:20:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/15 23:20:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/15 23:20:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/15 23:20:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/15 17:37:33 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFordavid.job
[2012/05/15 15:57:27 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/15 15:57:27 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

========== LOP Check ==========

[2011/12/17 18:25:27 | 000,000,000 | ---D | M] -- C:\Users\dad.david-PC\AppData\Roaming\PCMM2009
[2010/02/02 21:11:06 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\iWin
[2012/05/15 21:28:50 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\licenses
[2010/02/17 23:39:22 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\PCMM2009
[2010/02/17 23:38:19 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\PCMM2010
[2012/05/15 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\TestApp
[2010/01/31 16:48:48 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\W Photo Studio
[2010/01/31 14:19:30 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\Walgreens
[2010/01/20 17:55:38 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\WildTangent
[2012/05/11 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\face book\AppData\Roaming\PCMM2009
[2011/05/01 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\Lynne.david-PC\AppData\Roaming\PCMM2009
[2011/10/20 20:40:31 | 000,000,000 | ---D | M] -- C:\Users\Lynne.david-PC\AppData\Roaming\WildTangent
[2011/09/17 23:36:56 | 000,000,000 | ---D | M] -- C:\Users\Lynne.david-PC\AppData\Roaming\WinBatch
[2011/12/17 13:59:07 | 000,000,000 | ---D | M] -- C:\Users\lynne.david-PC.000\AppData\Roaming\PCMM2009
[2012/04/04 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\lynne.david-PC.000\AppData\Roaming\WinBatch
[2012/01/12 15:39:24 | 000,000,000 | ---D | M] -- C:\Users\qw\AppData\Roaming\PCMM2009
[2012/04/30 10:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/05/16 10:22:47 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/10/06 02:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 02:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 02:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 01:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DF4B6D31-8A27-4C04-9896-4C32350A8C15}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 00 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/12 12:51:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/12 12:51:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/12 12:51:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/12 12:51:45 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/06/12 12:51:45 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/12 12:51:44 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/12 12:51:44 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/12 12:51:44 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/12 12:51:45 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/06/12 12:51:45 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: DAVID-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 SYSTEM NTFS Partition 100 MB Healthy System
Volume 2 C HP NTFS Partition 453 GB Healthy Boot
Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy
Volume 4 F Removable 0 B No Media
Volume 5 G Removable 0 B No Media
Volume 6 H Removable 0 B No Media
Volume 7 I Removable 0 B No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E81E58FA
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:6DA18708
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:67F0F865
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:AA857467

< End of report >
  • 0

#6
rotccapt

rotccapt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
i let them visit some of the sites they usualy go to such as "pogo" and a few others and they said that the computer is running much better. befor i started it too several minets to load a page and now it is almost instant. they seem to be happy so far.

from my observations the computer appers to be loading faster from a restart. also the internet opens faster than it was. i have not had anymore of the popups from the unknown antivirus program. also the computer will now switch between users without freezing, befor we started i could not switch users without having to restart the computer.

Edited by rotccapt, 16 May 2012 - 08:59 AM.

  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Make sure you reenable Microsoft security essentials before they go for a test drive! :thumbsup:
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Is the firewall still throwing the error code 0x80070424?
  • 0

#9
rotccapt

rotccapt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
the firewall is back up and running. i re enabled microsoft secerity esentials should i let it run a scan?
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
It is OK to scan we have some other scans to run also:

Step 1.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2012/05/15 23:18:45 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{B823F57A-8728-4139-9B59-C1CCCB2C5637}
    [2012/05/15 23:18:33 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{E9A022C1-0C03-4948-8D2E-32800815D8BB}
    [2012/05/15 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{7D930604-4214-4433-BCCF-ABFEA9EBEF77}
    [2012/05/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{786FE559-27DE-4AA3-BDDE-5CCFF7E8D4C2}
    [2012/05/15 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{DB300E95-2532-4EAF-B024-C2C0D3963B14}
    [2012/05/15 22:33:46 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{12DD2567-29DC-4925-BCD8-6B313C4BD99F}
    [2012/05/15 21:25:45 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{A8893EB1-4557-403A-8E89-D7A878877380}
    [2012/05/15 21:25:33 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{B764E62B-D643-498D-844B-8E4C52790142}
    [2012/05/15 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{3143E9B7-A263-4BC6-BC9F-6B91B4143C42}
    [2012/05/15 19:53:59 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{23161939-FC30-452C-9C68-E0B3A32C18A8}
    [2012/05/15 18:56:13 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{E5032266-DFDE-4B50-9212-5DCAE13414F1}
    [2012/05/15 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{F7F3B2EC-C3B8-405C-8219-0F5E6C29CB0B}
    [2012/05/15 17:28:40 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{3F7968D4-D306-4DA2-9821-ABDB071BCED7}
    [2012/05/15 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{9B07421D-766A-4F9E-B29D-161A386ABF32}
    [2012/05/15 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{240206B3-680E-4D81-854A-CC8CFA464F0D}
    [2012/05/15 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{EF491E3D-3F3F-407A-9E05-9B90D0253CD2}
    [2012/05/15 16:31:41 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{F32AF9D6-7C47-4076-853C-DE2EC7ACE665}
    [2012/05/15 16:31:25 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{0B102CE1-EB1B-4761-B012-F3E856FB4834}
    [2012/05/15 16:05:17 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{CA285B2F-4909-4C0E-AEE8-E191DD9E1718}
    [2012/05/15 16:05:02 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{76C5FE3C-0073-4853-8017-37FB97FE4F91}
    [2012/05/15 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{10BAFA4E-D63D-4ED9-B164-0412A80FDEBD}
    [2012/05/15 15:49:56 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{0429431D-C820-43DF-8FA4-46849C753B6E}
    [2012/05/15 12:18:58 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\{A421E472-05D8-40BA-A062-79FCF6E0D831}
    [2010/02/02 21:11:06 | 000,000,000 | ---D | M] -- C:\Users\david\AppData\Roaming\iWin
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Step 2.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 3.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 4.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 5.

Please post:

OTL fix log
mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

Advertisements


#11
rotccapt

rotccapt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
here are the logs. after talking to them the computer is running much better now and the are happy with the performance.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Users\david\AppData\Local\{B823F57A-8728-4139-9B59-C1CCCB2C5637} folder moved successfully.
C:\Users\david\AppData\Local\{E9A022C1-0C03-4948-8D2E-32800815D8BB} folder moved successfully.
C:\Users\david\AppData\Local\{7D930604-4214-4433-BCCF-ABFEA9EBEF77} folder moved successfully.
C:\Users\david\AppData\Local\{786FE559-27DE-4AA3-BDDE-5CCFF7E8D4C2} folder moved successfully.
C:\Users\david\AppData\Local\{DB300E95-2532-4EAF-B024-C2C0D3963B14} folder moved successfully.
C:\Users\david\AppData\Local\{12DD2567-29DC-4925-BCD8-6B313C4BD99F} folder moved successfully.
C:\Users\david\AppData\Local\{A8893EB1-4557-403A-8E89-D7A878877380} folder moved successfully.
C:\Users\david\AppData\Local\{B764E62B-D643-498D-844B-8E4C52790142} folder moved successfully.
C:\Users\david\AppData\Local\{3143E9B7-A263-4BC6-BC9F-6B91B4143C42} folder moved successfully.
C:\Users\david\AppData\Local\{23161939-FC30-452C-9C68-E0B3A32C18A8} folder moved successfully.
C:\Users\david\AppData\Local\{E5032266-DFDE-4B50-9212-5DCAE13414F1} folder moved successfully.
C:\Users\david\AppData\Local\{F7F3B2EC-C3B8-405C-8219-0F5E6C29CB0B} folder moved successfully.
C:\Users\david\AppData\Local\{3F7968D4-D306-4DA2-9821-ABDB071BCED7} folder moved successfully.
C:\Users\david\AppData\Local\{9B07421D-766A-4F9E-B29D-161A386ABF32} folder moved successfully.
C:\Users\david\AppData\Local\{240206B3-680E-4D81-854A-CC8CFA464F0D} folder moved successfully.
C:\Users\david\AppData\Local\{EF491E3D-3F3F-407A-9E05-9B90D0253CD2} folder moved successfully.
C:\Users\david\AppData\Local\{F32AF9D6-7C47-4076-853C-DE2EC7ACE665} folder moved successfully.
C:\Users\david\AppData\Local\{0B102CE1-EB1B-4761-B012-F3E856FB4834} folder moved successfully.
C:\Users\david\AppData\Local\{CA285B2F-4909-4C0E-AEE8-E191DD9E1718} folder moved successfully.
C:\Users\david\AppData\Local\{76C5FE3C-0073-4853-8017-37FB97FE4F91} folder moved successfully.
C:\Users\david\AppData\Local\{10BAFA4E-D63D-4ED9-B164-0412A80FDEBD} folder moved successfully.
C:\Users\david\AppData\Local\{0429431D-C820-43DF-8FA4-46849C753B6E} folder moved successfully.
C:\Users\david\AppData\Local\{A421E472-05D8-40BA-A062-79FCF6E0D831} folder moved successfully.
C:\Users\david\AppData\Roaming\iWin\FamilyFeud folder moved successfully.
C:\Users\david\AppData\Roaming\iWin folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\david\Downloads\cmd.bat deleted successfully.
C:\Users\david\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: amanda
->Temp folder emptied: 0 bytes

User: AppData
->Temp folder emptied: 0 bytes

User: dad
->Temp folder emptied: 0 bytes

User: dad.david-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: david
->Temp folder emptied: 27207463 bytes
->Temporary Internet Files folder emptied: 50540346 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1389 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: face book
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lynne
->Temp folder emptied: 0 bytes

User: Lynne.david-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lynne.david-PC.000
->Temp folder emptied: 18713885 bytes
->Temporary Internet Files folder emptied: 51993776 bytes
->Java cache emptied: 3913984 bytes
->Flash cache emptied: 1218 bytes

User: Public
->Temp folder emptied: 0 bytes

User: qw
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62205662 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05162012_143504

Files\Folders moved on Reboot...
C:\Users\david\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E4KRP2IB\fastbutton[2].htm moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.44
Database version: 3610
Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/16/2012 2:47:14 PM
mbam-log-2012-05-16 (14-47-14).txt

Scan type: Quick Scan
Objects scanned: 160520
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Three things help prevent infection the most:

  • Having and using a good antivirus and keeping the firewall on and running.
  • Keeping your software up to date, especially Windows.
  • Wise use of the internet and vigilant opening of emails.

Let's focus on updates now:


Step 1.

Windows Update (Win 7)


Click Start >> Control Panel >> System and Security >> Under Windows Update click Check for updates >> Check for updates

Install any updates you have, especially SP1 first. then the rest a few at a time.


Go here to learn how to setup automatic updates.



Step 2.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step 3.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


Step 4.


Please let me know when these steps are complete and if there are any computer issues left to deal with before we finish up
  • 0

#13
rotccapt

rotccapt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
well the computer seems to be working well and i will work on the updates as i get time. thank you for your help i was about to the point of reformatting the computer. hopfully i can set up the computer so this does not happen agian.
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Just a few observations:

This computer had a very large number of toolbars,"game" things, and Search engines, when they get an update they need to check the install to make sure they uncheck or decline these things.

Once you complete the updates I will have some closing steps for cleanup so please let me know when they are complete (They will not take too long)

Regards,

CompCav
  • 0

#15
rotccapt

rotccapt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
updates are done whats next
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP