JUNE 10, Malabyte locking up, etc... [Solved]



#1
penelopepony

Hi,

I started noticing over the weekend things were getting REALLY sluggish, then ran Malwarebytes, after 3 objects, 2 min. screen locked up. Malwarebytes gets to a file showing, TRILLIAN (Chat crap for job that never ended after 6hrs) and it locks up. Screen will turn whitish, & had to manually turn off pc.

When I attempted to go through programs to uninstall a few programs, ADWARES, NORTON, one or two others, it wouldn't do it.

I've been working on this since Monday.

TY

Penny

Edited by penelopepony, 13 June 2012 - 09:56 AM.



#2
penelopepony

WED. JUNE 13th.

I'm still having problems, I've read & read, tried ComboFix, Hitman, re-installed & re-installed Malwarebytes, still it stops @ TRILLIAN. When I ran hitman, I noticed what I feared, that the one biz I worked for, had issues with, & later found out on RIPOFF report that she had been let go from a biz 4 taking $, and that the people that make her site, & the site she came from take credit card info from customers & later use it when biz is slow.

Please help. My pc is REALLY sluggish, I am on WiFi @ the motel I live @, and since my biz plan for my biz is ??? I'm doing phone work that also involves needing to use the pc to log in, meetings, etc...

At times, I'll b holding the mouse still, but it'll be going ALL OVER MY SCREEN.

Hijack detected and I think got rid of a bunch of tracking stuff, BUT there's that notorious ONE, then Malwarebytes says two, but DAY 3 & I have managed to have some service, but I'm on a wing & a prayer.

TY

PC

#3
Essexboy

Hi Penny, sorry for the delay

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply


#4
penelopepony

Thank you, and sorry about the impatience issue, I share a pc w/husband, & guess who gets repairs? Wasn't sure, but I did turn off my Microsoft security during scan.

I only came up w/ONE report doing a quick scan, now before in life, in a reg. scan I'd always been able to get 2 notebook pages. So after 5th time, I let it give me one, & I saved one renamed Extra. PT2 worked great, it offered to do more, but I did as u said to do.


OTL logfile created on: 6/13/2012 2:27:37 PM - Run 5
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Penny Grizzard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.48% Memory free
7.60 Gb Paging File | 5.80 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.10 Gb Total Space | 192.58 Gb Free Space | 87.10% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 12.12 Gb Free Space | 81.29% Space Free | Partition Type: FAT32

Computer Name: PENNYGRIZZARD | User Name: Penny Grizzard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 14:15:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/14 12:48:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/05/09 16:58:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/07 20:32:06 | 000,845,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 20:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/14 12:49:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4F2D95C5-85D0-459B-B521-8514377FFE53}
IE:64bit: - HKLM\..\SearchScopes\{4F2D95C5-85D0-459B-B521-8514377FFE53}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\..\SearchScopes,DefaultScope = {BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}
IE - HKLM\..\SearchScopes\{BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}: "URL" = http://www.google.co...ng}&rlz=1I7TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.hotmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {949601FF-31A2-4E2C-A9E9-3BD8D25E9899}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{949601FF-31A2-4E2C-A9E9-3BD8D25E9899}: "URL" = http://www.google.co...1I7TSND_enUS483
IE - HKCU\..\SearchScopes\{BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 22:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/04 00:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Extensions
[2012/06/10 17:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Firefox\Profiles\rydbsrb1.default\extensions
[2012/06/10 17:41:54 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Firefox\Profiles\rydbsrb1.default\extensions\[email protected]
[2012/06/04 00:40:08 | 000,002,519 | ---- | M] () -- C:\Users\Penny Grizzard\AppData\Roaming\Mozilla\Firefox\Profiles\rydbsrb1.default\searchplugins\Search_Results.xml
[2012/06/04 00:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/04 00:40:08 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/11 16:26:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B233200A-9385-40BE-A0D5-DC7719C662A7}: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/14 12:32:30 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 14:14:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
[2012/06/13 14:01:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Penny Grizzard\Desktop\aswMBR.exe
[2012/06/12 21:42:13 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/12 21:32:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/06/11 18:41:05 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Desktop\xxx
[2012/06/11 18:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/11 18:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/11 18:01:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/11 17:58:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2012/06/11 17:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/11 16:26:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/11 16:20:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/11 16:20:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/11 16:20:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/11 16:04:24 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/11 15:57:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/10 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/10 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\tdsskiller
[2012/06/10 18:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/10 18:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/10 16:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/10 16:02:53 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/06/10 04:30:10 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/10 04:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/10 03:05:29 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Avira
[2012/06/10 03:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/05 13:10:11 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Yahoo!
[2012/06/05 03:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/06/05 03:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/06/04 00:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/02 19:21:52 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Scanned Documents
[2012/06/02 19:21:52 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Fax
[2012/06/02 18:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2012/06/02 18:35:28 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/06/02 18:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/05/30 18:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/30 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/30 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/30 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/05/30 17:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/24 23:21:30 | 000,000,000 | ---D | C] -- C:\Free Download Manager
[2012/05/24 15:03:27 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\webex
[2012/05/23 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/05/23 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/05/23 11:52:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\kodak
[2012/05/23 11:51:49 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Eastman_Kodak_Company
[2012/05/23 11:50:13 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Eastman Kodak Company
[2012/05/23 11:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012/05/23 11:47:07 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Temp
[2012/05/23 11:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/05/23 10:14:48 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Remote Assistance Logs
[2012/05/23 09:58:22 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\ElevatedDiagnostics
[2012/05/22 22:17:36 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\gtk-2.0
[2012/05/22 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Trillian
[2012/05/22 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\.purple
[2012/05/22 10:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Penny Grizzard\Desktop\TDSSKiller.exe
[2012/05/15 18:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Timer
[2012/05/15 18:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cool Timer
[2012/05/15 18:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/15 18:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/05/15 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\searchcom_001
[2012/05/15 18:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/05/15 18:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/05/15 17:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/15 17:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/05/15 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/05/15 17:48:06 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Microsoft Help
[2012/05/15 17:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/05/15 17:47:52 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/05/15 13:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 19:02:40 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/05/14 19:02:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/05/14 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Tific
[2012/05/14 16:21:23 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Tific

========== Files - Modified Within 30 Days ==========

[2012/06/13 14:15:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
[2012/06/13 14:01:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Penny Grizzard\Desktop\aswMBR.exe
[2012/06/13 13:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 13:52:01 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/13 13:52:01 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/13 13:52:01 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/13 13:22:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/13 10:31:08 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 10:31:08 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 10:23:36 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 18:02:05 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 17:58:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2012/06/11 16:26:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/06/11 15:41:15 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Penny Grizzard\Desktop\TDSSKiller.exe
[2012/06/10 22:24:26 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAnti.lnk
[2012/06/10 18:39:08 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/06/10 18:38:50 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/10 17:42:47 | 000,000,286 | ---- | M] () -- C:\windows\reimage.ini
[2012/06/02 17:36:25 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/06/02 17:36:25 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2012/05/27 20:17:19 | 000,000,017 | ---- | M] () -- C:\Users\Penny Grizzard\AppData\Local\resmon.resmoncfg
[2012/05/27 02:37:10 | 000,417,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/17 06:50:41 | 000,001,252 | ---- | M] () -- C:\Users\Penny Grizzard\Desktop\Disk Cleanup.lnk
[2012/05/15 18:28:42 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2012/05/15 18:28:13 | 000,001,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/14 21:29:36 | 000,001,408 | ---- | M] () -- C:\Users\Penny Grizzard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/14 21:23:50 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/14 21:23:49 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2012/06/11 18:02:05 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 16:20:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/11 16:20:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/11 16:20:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/11 16:20:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/11 16:20:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/10 22:24:25 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAnti.lnk
[2012/06/10 18:39:08 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/06/10 18:39:00 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/10 17:42:32 | 000,000,286 | ---- | C] () -- C:\windows\reimage.ini
[2012/05/27 20:17:19 | 000,000,017 | ---- | C] () -- C:\Users\Penny Grizzard\AppData\Local\resmon.resmoncfg
[2012/05/23 13:49:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/22 10:46:36 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2012/05/17 06:50:41 | 000,001,252 | ---- | C] () -- C:\Users\Penny Grizzard\Desktop\Disk Cleanup.lnk
[2012/05/15 18:28:42 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/05/15 18:28:13 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/05/15 18:28:13 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/05/15 18:28:13 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Publisher.lnk
[2012/05/15 18:28:13 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/14 21:29:36 | 000,001,420 | ---- | C] () -- C:\Users\Penny Grizzard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/14 21:23:50 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/14 21:23:49 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/05/14 12:49:27 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2012/05/14 12:49:27 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2012/05/11 14:28:26 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/05/30 22:55:13 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\.purple
[2012/05/22 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\gtk-2.0
[2012/05/13 16:12:00 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\OpenCandy
[2012/05/27 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\SoftGrid Client
[2012/05/23 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Temp
[2012/05/14 16:21:23 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Tific
[2012/05/08 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Toshiba
[2012/05/11 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\TP
[2012/05/22 12:49:58 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Trillian
[2012/05/24 15:03:27 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\webex
[2012/05/08 10:12:21 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\WinBatch
[2012/06/13 09:42:54 | 000,032,564 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< End of report >


OTL logfile created on: 6/13/2012 2:27:37 PM - Run 5
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Penny Grizzard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.48% Memory free
7.60 Gb Paging File | 5.80 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.10 Gb Total Space | 192.58 Gb Free Space | 87.10% Space Free | Partition Type: NTFS
Drive E: | 14.92 Gb Total Space | 12.12 Gb Free Space | 81.29% Space Free | Partition Type: FAT32

Computer Name: PENNYGRIZZARD | User Name: Penny Grizzard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 14:15:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/14 12:48:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/05/09 16:58:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/07 20:32:06 | 000,845,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 20:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/14 12:49:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4F2D95C5-85D0-459B-B521-8514377FFE53}
IE:64bit: - HKLM\..\SearchScopes\{4F2D95C5-85D0-459B-B521-8514377FFE53}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\..\SearchScopes,DefaultScope = {BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}
IE - HKLM\..\SearchScopes\{BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}: "URL" = http://www.google.co...ng}&rlz=1I7TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.hotmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {949601FF-31A2-4E2C-A9E9-3BD8D25E9899}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{949601FF-31A2-4E2C-A9E9-3BD8D25E9899}: "URL" = http://www.google.co...1I7TSND_enUS483
IE - HKCU\..\SearchScopes\{BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 22:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/04 00:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Extensions
[2012/06/10 17:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Firefox\Profiles\rydbsrb1.default\extensions
[2012/06/10 17:41:54 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Firefox\Profiles\rydbsrb1.default\extensions\[email protected]
[2012/06/04 00:40:08 | 000,002,519 | ---- | M] () -- C:\Users\Penny Grizzard\AppData\Roaming\Mozilla\Firefox\Profiles\rydbsrb1.default\searchplugins\Search_Results.xml
[2012/06/04 00:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/04 00:40:08 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Penny Grizzard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/11 16:26:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B233200A-9385-40BE-A0D5-DC7719C662A7}: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/14 12:32:30 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 14:14:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
[2012/06/13 14:01:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Penny Grizzard\Desktop\aswMBR.exe
[2012/06/12 21:42:13 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/12 21:32:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/06/11 18:41:05 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Desktop\xxx
[2012/06/11 18:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/11 18:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/11 18:01:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/11 17:58:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2012/06/11 17:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/11 16:26:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/11 16:20:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/11 16:20:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/11 16:20:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/11 16:04:24 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/11 15:57:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/10 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/10 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\tdsskiller
[2012/06/10 18:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/10 18:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/10 16:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/10 16:02:53 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/06/10 04:30:10 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/10 04:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/10 03:05:29 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Avira
[2012/06/10 03:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/05 13:10:11 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Yahoo!
[2012/06/05 03:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/06/05 03:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/06/04 00:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/02 19:21:52 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Scanned Documents
[2012/06/02 19:21:52 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Fax
[2012/06/02 18:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2012/06/02 18:35:28 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/06/02 18:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/05/30 18:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/30 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/30 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/30 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/05/30 17:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/24 23:21:30 | 000,000,000 | ---D | C] -- C:\Free Download Manager
[2012/05/24 15:03:27 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\webex
[2012/05/23 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/05/23 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/05/23 11:52:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\kodak
[2012/05/23 11:51:49 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Eastman_Kodak_Company
[2012/05/23 11:50:13 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Eastman Kodak Company
[2012/05/23 11:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012/05/23 11:47:07 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Temp
[2012/05/23 11:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/05/23 10:14:48 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Remote Assistance Logs
[2012/05/23 09:58:22 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\ElevatedDiagnostics
[2012/05/22 22:17:36 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\gtk-2.0
[2012/05/22 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Trillian
[2012/05/22 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\.purple
[2012/05/22 10:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Penny Grizzard\Desktop\TDSSKiller.exe
[2012/05/15 18:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Timer
[2012/05/15 18:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cool Timer
[2012/05/15 18:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/15 18:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/05/15 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\searchcom_001
[2012/05/15 18:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/05/15 18:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/05/15 17:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/15 17:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/05/15 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/05/15 17:48:06 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Microsoft Help
[2012/05/15 17:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/05/15 17:47:52 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/05/15 13:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 19:02:40 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/05/14 19:02:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/05/14 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Tific
[2012/05/14 16:21:23 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Tific

========== Files - Modified Within 30 Days ==========

[2012/06/13 14:15:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
[2012/06/13 14:01:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Penny Grizzard\Desktop\aswMBR.exe
[2012/06/13 13:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 13:52:01 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/13 13:52:01 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/13 13:52:01 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/13 13:22:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/13 10:31:08 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 10:31:08 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 10:23:36 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 18:02:05 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 17:58:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2012/06/11 16:26:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/06/11 15:41:15 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Penny Grizzard\Desktop\TDSSKiller.exe
[2012/06/10 22:24:26 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAnti.lnk
[2012/06/10 18:39:08 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/06/10 18:38:50 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/10 17:42:47 | 000,000,286 | ---- | M] () -- C:\windows\reimage.ini
[2012/06/02 17:36:25 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/06/02 17:36:25 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2012/05/27 20:17:19 | 000,000,017 | ---- | M] () -- C:\Users\Penny Grizzard\AppData\Local\resmon.resmoncfg
[2012/05/27 02:37:10 | 000,417,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/17 06:50:41 | 000,001,252 | ---- | M] () -- C:\Users\Penny Grizzard\Desktop\Disk Cleanup.lnk
[2012/05/15 18:28:42 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2012/05/15 18:28:13 | 000,001,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/14 21:29:36 | 000,001,408 | ---- | M] () -- C:\Users\Penny Grizzard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/14 21:23:50 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/14 21:23:49 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2012/06/11 18:02:05 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/11 16:20:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/11 16:20:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/11 16:20:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/11 16:20:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/11 16:20:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/10 22:24:25 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAnti.lnk
[2012/06/10 18:39:08 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/06/10 18:39:00 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/10 17:42:32 | 000,000,286 | ---- | C] () -- C:\windows\reimage.ini
[2012/05/27 20:17:19 | 000,000,017 | ---- | C] () -- C:\Users\Penny Grizzard\AppData\Local\resmon.resmoncfg
[2012/05/23 13:49:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/22 10:46:36 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2012/05/17 06:50:41 | 000,001,252 | ---- | C] () -- C:\Users\Penny Grizzard\Desktop\Disk Cleanup.lnk
[2012/05/15 18:28:42 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/05/15 18:28:13 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/05/15 18:28:13 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/05/15 18:28:13 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Publisher.lnk
[2012/05/15 18:28:13 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/14 21:29:36 | 000,001,420 | ---- | C] () -- C:\Users\Penny Grizzard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/14 21:23:50 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/14 21:23:49 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/05/14 12:49:27 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2012/05/14 12:49:27 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2012/05/11 14:28:26 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/05/30 22:55:13 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\.purple
[2012/05/22 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\gtk-2.0
[2012/05/13 16:12:00 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\OpenCandy
[2012/05/27 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\SoftGrid Client
[2012/05/23 11:47:07 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Temp
[2012/05/14 16:21:23 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Tific
[2012/05/08 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Toshiba
[2012/05/11 14:29:32 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\TP
[2012/05/22 12:49:58 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\Trillian
[2012/05/24 15:03:27 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\webex
[2012/05/08 10:12:21 | 000,000,000 | ---D | M] -- C:\Users\Penny Grizzard\AppData\Roaming\WinBatch
[2012/06/13 09:42:54 | 000,032,564 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< End of report >

---------------------------------->


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 14:31:43
-----------------------------
14:31:43.895 OS Version: Windows x64 6.1.7601 Service Pack 1
14:31:43.895 Number of processors: 4 586 0x2505
14:31:43.895 ComputerName: PENNYGRIZZARD UserName:
14:31:44.566 Initialize success
14:31:48.841 AVAST engine defs: 12061300
14:32:02.959 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:32:02.974 Disk 0 Vendor: TOSHIBA_ GB00 Size: 238475MB BusType: 3
14:32:02.990 Disk 0 MBR read successfully
14:32:02.990 Disk 0 MBR scan
14:32:03.006 Disk 0 Windows VISTA default MBR code
14:32:03.021 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:32:03.037 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226407 MB offset 3074048
14:32:03.084 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10567 MB offset 466755584
14:32:03.130 Disk 0 scanning C:\windows\system32\drivers
14:32:13.395 Service scanning
14:32:49.166 Modules scanning
14:32:49.182 Disk 0 trace - called modules:
14:32:49.213 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:32:49.228 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cb8060]
14:32:49.228 3 CLASSPNP.SYS[fffff88001db843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d2050]
14:32:49.930 AVAST engine scan C:\windows
14:32:52.894 AVAST engine scan C:\windows\system32
14:35:26.789 AVAST engine scan C:\windows\system32\drivers
14:35:37.880 AVAST engine scan C:\Users\Penny Grizzard
14:36:28.643 AVAST engine scan C:\ProgramData
14:36:55.459 Scan finished successfully
14:38:05.347 Disk 0 MBR has been saved successfully to "C:\Users\Penny Grizzard\Desktop\MBR.dat"
14:38:05.347 The log file has been saved successfully to "C:\Users\Penny Grizzard\Desktop\aswMBR.txt"

THANK YOU!!!
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok then Penny - at the moment there is nothing that jumps out at me, so could you post the ComboFix log, please? Also, have you tried uninstalling Trillian?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
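The four registry lines in the :OTL block of the post above each end in "File not found" or "No CLSID value found", meaning the entry points at something that no longer exists. The Python below is an added example, not part of the original post and not OldTimer's code: it filters OTL `O`-lines for those two markers, using lines copied from the logs in this thread. The `Entry` fields, the reason tags and the helper names are hypothetical, and a match is only a candidate for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Lines copied from the OTL output quoted in this thread: the four entries in
# the helper's :OTL fix block, then two entries that resolve to a real file.
SAMPLE_LINES = [
    r"O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found",
    r"O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.",
    r"O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)",
    r"O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)",
]

# "O2 - ..." or "O2:64bit: - ..." as seen in the logs on this page.
LINE_RE = re.compile(r"^(?P<section>O\d+)(?P<bits>:64bit:)? - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Trailing text OTL prints on these lines -> tag used here (tags are made up).
MARKERS = (
    ("No CLSID value found", "clsid_missing"),
    ("File not found", "file_missing"),
)


@dataclass
class Entry:
    section: str            # e.g. "O2" (BHO) or "O3" (toolbar)
    is_64bit: bool          # True when the line carries the ":64bit:" tag
    clsid: Optional[str]    # upper-cased CLSID if one appears on the line
    reason: Optional[str]   # None when the entry resolves to a file
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL O-line; return None for anything else (headers, blanks)."""
    line = line.strip()
    match = LINE_RE.match(line)
    if not match:
        return None
    body = match.group("body").rstrip(". ")
    reason = next((tag for text, tag in MARKERS if body.endswith(text)), None)
    clsid = CLSID_RE.search(body)
    return Entry(
        section=match.group("section"),
        is_64bit=match.group("bits") is not None,
        clsid=clsid.group(0).upper() if clsid else None,
        reason=reason,
        raw=line,
    )


def find_orphans(lines: Iterable[str],
                 sections: Optional[Set[str]] = None) -> List[Entry]:
    """Return entries whose target file or CLSID is reported missing.

    `sections` optionally limits the result, e.g. {"O2", "O3"}.
    """
    found = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry.reason is None:
            continue
        if sections is not None and entry.section not in sections:
            continue
        found.append(entry)
    return found


def count_by_reason(entries: Iterable[Entry]) -> Dict[str, int]:
    """Tally orphaned entries per reason tag."""
    counts: Dict[str, int] = {}
    for entry in entries:
        counts[entry.reason] = counts.get(entry.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LINES):
        bits = "64bit" if e.is_64bit else "32bit"
        print(f"{e.section:<4}{bits:<6}{e.reason:<14}{e.clsid or '-'}")
```
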

#6
penelopepony

    Member

  • Topic Starter
  • Member
  • 118 posts
Will try this AGAIN... PC still locking up. I uninstalled Malwarebytes, Anti..., I haven't had a chance to reinstall the programs like Malwarebytes that I installed @ library today.

I have a few programs that even when I try to install & uninstall will NOT cooperate. Lavasoft Adware, Trillian, and when I look around see a couple of others.

I remembered that after I had a bad attempt working for this one company online, they had me download Trillian, but mainly I suddenly started noticing on GOOGLE CHROME, & I uninstalled GOOGLE CHROME because of it, but one of the BIG PROBLEMS was it kept redirecting my homepage to "SEARCHNU.COM/407". Soon after that programs wouldn't completely uninstall, Malwarebytes started acting up, etc... Thru the forums I did learn to uninstall NORTON, & that was a nightmare for a while.

Scan keeps locking up on OTL.

Will try again.

TY
  • 0

#7
penelopepony

    Member

  • Topic Starter
  • Member
  • 118 posts
All processes killed
Error: Unable to interpret <All processes killed> in the current context!
Error: Unable to interpret <========== OTL ==========> in the current context!
Error: Unable to interpret <64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.> in the current context!
Error: Unable to interpret <64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.> in the current context!
Error: Unable to interpret <Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.> in the current context!
Error: Unable to interpret <Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.> in the current context!
Error: Unable to interpret <Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.> in the current context!
Error: Unable to interpret <Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.> in the current context!
Error: Unable to interpret <========== FILES ==========> in the current context!
Error: Unable to interpret << ipconfig /flushdns /c >> in the current context!
Error: Unable to interpret <Windows IP Configuration> in the current context!
Error: Unable to interpret <Successfully flushed the DNS Resolver Cache.> in the current context!
Error: Unable to interpret <C:\Users\Penny Grizzard\Desktop\cmd.bat deleted successfully.> in the current context!
Error: Unable to interpret <C:\Users\Penny Grizzard\Desktop\cmd.txt deleted successfully.> in the current context!
Error: Unable to interpret <========== COMMANDS ==========> in the current context!
Error: Unable to interpret <C:\windows\System32\drivers\etc\Hosts moved successfully.> in the current context!
Error: Unable to interpret <HOSTS file reset successfully> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Administrator> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: All Users> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Default User> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Guest> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Penny Grizzard> in the current context!
Error: Unable to interpret <->Temp folder emptied: 35566 bytes> in the current context!
Error: Unable to interpret <->Temporary Internet Files folder emptied: 2590623 bytes> in the current context!
Error: Unable to interpret <->Java cache emptied: 0 bytes> in the current context!
Error: Unable to interpret <->FireFox cache emptied: 27061507 bytes> in the current context!
Error: Unable to interpret <->Flash cache emptied: 470 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <User: Public> in the current context!
Error: Unable to interpret <->Temp folder emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%systemdrive% .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <%systemroot% .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <%systemroot%\System32 .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <%systemroot%\System32 (64bit) .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <%systemroot%\System32\drivers .tmp files removed: 0 bytes> in the current context!
Error: Unable to interpret <Windows Temp folder emptied: 101466 bytes> in the current context!
Error: Unable to interpret <%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes> in the current context!
Error: Unable to interpret <RecycleBin emptied: 0 bytes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Total Files Cleaned = 28.00 mb> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Restore point Set: OTL Restore Point> in the current context!
Error: Unable to interpret < > in the current context!
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Penny Grizzard\Desktop\cmd.bat deleted successfully.
C:\Users\Penny Grizzard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Penny Grizzard
->Temp folder emptied: 1362 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 276380 bytes

Total Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06132012_193654

Files\Folders moved on Reboot...
C:\Users\Penny Grizzard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


_______________________________________________________________________________________________________________________________________________________

OTL logfile created on: 6/13/2012 7:40:10 PM - Run 8
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Penny Grizzard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 74.29% Memory free
7.60 Gb Paging File | 6.52 Gb Available in Paging File | 85.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.10 Gb Total Space | 191.59 Gb Free Space | 86.65% Space Free | Partition Type: NTFS

Computer Name: PENNYGRIZZARD | User Name: Penny Grizzard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 14:15:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/04/06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/14 12:48:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/05/09 16:58:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 19:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/07 20:32:06 | 000,845,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 20:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/05/14 12:49:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4F2D95C5-85D0-459B-B521-8514377FFE53}
IE:64bit: - HKLM\..\SearchScopes\{4F2D95C5-85D0-459B-B521-8514377FFE53}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\..\SearchScopes,DefaultScope = {BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}
IE - HKLM\..\SearchScopes\{BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}: "URL" = http://www.google.co...ng}&rlz=1I7TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.hotmail.com/
IE - HKCU\..\SearchScopes,DefaultScope = {949601FF-31A2-4E2C-A9E9-3BD8D25E9899}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{949601FF-31A2-4E2C-A9E9-3BD8D25E9899}: "URL" = http://www.google.co...1I7TSND_enUS483
IE - HKCU\..\SearchScopes\{BA78A7B7-4DDF-4B71-BD25-42CAA02A81FB}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 22:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/04 00:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Extensions
[2012/06/10 17:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Firefox\Profiles\rydbsrb1.default\extensions
[2012/06/10 17:41:54 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\Penny Grizzard\AppData\Roaming\mozilla\Firefox\Profiles\rydbsrb1.default\extensions\[email protected]
[2012/06/04 00:40:08 | 000,002,519 | ---- | M] () -- C:\Users\Penny Grizzard\AppData\Roaming\Mozilla\Firefox\Profiles\rydbsrb1.default\searchplugins\Search_Results.xml
[2012/06/04 00:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/04 00:40:08 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/13 19:36:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B233200A-9385-40BE-A0D5-DC7719C662A7}: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 17:42:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/13 17:07:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/13 16:59:40 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/13 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Ad-Aware Antivirus
[2012/06/13 15:45:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/06/13 15:45:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/06/13 15:45:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/06/13 15:45:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/06/13 15:45:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/06/13 15:45:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/06/13 15:45:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/06/13 15:45:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/06/13 15:45:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/06/13 15:45:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/06/13 15:45:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/06/13 15:45:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/06/13 15:45:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/06/13 14:14:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
[2012/06/13 14:01:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Penny Grizzard\Desktop\aswMBR.exe
[2012/06/13 05:08:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/06/13 05:08:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/06/13 05:08:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/13 05:08:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/06/13 05:08:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/06/13 05:08:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/06/13 05:08:16 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/06/13 05:08:11 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/13 05:08:11 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/06/11 18:41:05 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Desktop\xxx
[2012/06/11 18:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/11 17:58:13 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2012/06/11 17:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/11 16:20:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/06/11 16:20:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/06/11 16:20:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/06/11 16:04:24 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/11 15:57:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/10 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\tdsskiller
[2012/06/10 18:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/10 18:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/10 16:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/10 16:02:53 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/06/10 03:05:29 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Avira
[2012/06/10 03:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/05 13:10:11 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Yahoo!
[2012/06/05 03:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/06/05 03:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/06/04 00:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/02 19:21:52 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Scanned Documents
[2012/06/02 19:21:52 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Fax
[2012/06/02 18:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2012/06/02 18:35:28 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/06/02 18:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/05/30 18:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/30 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/30 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/30 18:29:00 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/05/30 18:29:00 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012/05/30 18:29:00 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/05/30 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/05/30 17:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/24 23:21:30 | 000,000,000 | ---D | C] -- C:\Free Download Manager
[2012/05/24 15:03:27 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\webex
[2012/05/23 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/05/23 13:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/05/23 11:52:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\kodak
[2012/05/23 11:51:49 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Eastman_Kodak_Company
[2012/05/23 11:50:13 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Eastman Kodak Company
[2012/05/23 11:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012/05/23 11:47:07 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Temp
[2012/05/23 11:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/05/23 11:24:52 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2012/05/23 10:14:48 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\Documents\Remote Assistance Logs
[2012/05/23 09:58:22 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\ElevatedDiagnostics
[2012/05/22 22:17:36 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\gtk-2.0
[2012/05/22 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\Trillian
[2012/05/22 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Roaming\.purple
[2012/05/22 10:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2012/05/15 18:52:24 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCT2.OCX
[2012/05/15 18:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Timer
[2012/05/15 18:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cool Timer
[2012/05/15 18:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/15 18:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/05/15 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\searchcom_001
[2012/05/15 18:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/05/15 18:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/05/15 17:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/15 17:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/05/15 17:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/05/15 17:48:06 | 000,000,000 | ---D | C] -- C:\Users\Penny Grizzard\AppData\Local\Microsoft Help
[2012/05/15 17:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/05/15 17:47:52 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/05/15 13:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 21:23:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012/05/14 21:23:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012/05/14 21:23:50 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/05/14 21:23:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012/05/14 21:23:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012/05/14 21:23:50 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012/05/14 21:23:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012/05/14 21:23:50 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012/05/14 21:23:50 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012/05/14 21:23:50 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012/05/14 21:23:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/05/14 21:23:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012/05/14 21:23:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012/05/14 21:23:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012/05/14 21:23:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012/05/14 21:23:50 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012/05/14 21:23:50 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2012/05/14 21:23:50 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012/05/14 21:23:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012/05/14 21:23:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012/05/14 21:23:50 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012/05/14 21:23:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012/05/14 21:23:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012/05/14 21:23:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012/05/14 21:23:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/05/14 21:23:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/05/14 21:23:49 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012/05/14 21:23:49 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/05/14 21:23:49 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/05/14 21:23:49 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012/05/14 21:23:49 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012/05/14 21:23:49 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/05/14 21:23:49 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012/05/14 21:23:49 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012/05/14 21:23:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012/05/14 21:23:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012/05/14 21:23:49 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012/05/14 21:23:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012/05/14 21:23:49 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012/05/14 21:23:49 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012/05/14 21:23:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012/05/14 21:23:49 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/05/14 21:23:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012/05/14 21:23:49 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012/05/14 21:23:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012/05/14 21:23:49 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012/05/14 21:23:49 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012/05/14 21:23:49 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2012/05/14 21:23:49 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012/05/14 21:23:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012/05/14 21:23:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012/05/14 21:23:49 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012/05/14 21:23:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012/05/14 21:23:49 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012/05/14 21:23:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012/05/14 21:23:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012/05/14 21:23:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/05/14 21:23:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012/05/14 21:23:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2012/06/13 19:46:46 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 19:46:46 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 19:38:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/13 19:38:06 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 19:36:55 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/06/13 19:35:22 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/13 19:35:22 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/13 19:35:22 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/13 18:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 15:59:26 | 000,417,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/13 14:15:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Penny Grizzard\Desktop\OTL.exe
[2012/06/13 14:01:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Penny Grizzard\Desktop\aswMBR.exe
[2012/06/11 17:58:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2012/06/10 18:39:08 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/06/10 18:38:50 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/10 17:42:47 | 000,000,286 | ---- | M] () -- C:\windows\reimage.ini
[2012/06/02 17:36:25 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/06/02 17:36:25 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2012/05/30 18:28:39 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/05/30 18:28:39 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/05/27 20:17:19 | 000,000,017 | ---- | M] () -- C:\Users\Penny Grizzard\AppData\Local\resmon.resmoncfg
[2012/05/17 21:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/05/17 20:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/05/17 20:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/05/17 20:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/05/17 20:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/05/17 20:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/05/17 20:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/05/17 17:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/05/17 17:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/05/17 17:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/05/17 17:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/05/17 17:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/05/17 17:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/05/15 18:28:42 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2012/05/15 18:28:13 | 000,001,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/14 21:29:36 | 000,001,408 | ---- | M] () -- C:\Users\Penny Grizzard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/14 21:23:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012/05/14 21:23:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012/05/14 21:23:50 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/05/14 21:23:50 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012/05/14 21:23:50 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012/05/14 21:23:50 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012/05/14 21:23:50 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012/05/14 21:23:50 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012/05/14 21:23:50 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012/05/14 21:23:50 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012/05/14 21:23:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/05/14 21:23:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012/05/14 21:23:50 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012/05/14 21:23:50 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012/05/14 21:23:50 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012/05/14 21:23:50 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012/05/14 21:23:50 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2012/05/14 21:23:50 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012/05/14 21:23:50 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012/05/14 21:23:50 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/14 21:23:50 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012/05/14 21:23:50 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012/05/14 21:23:50 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012/05/14 21:23:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012/05/14 21:23:50 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012/05/14 21:23:50 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/05/14 21:23:50 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/05/14 21:23:49 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012/05/14 21:23:49 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/05/14 21:23:49 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/05/14 21:23:49 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012/05/14 21:23:49 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012/05/14 21:23:49 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/05/14 21:23:49 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012/05/14 21:23:49 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012/05/14 21:23:49 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012/05/14 21:23:49 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012/05/14 21:23:49 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012/05/14 21:23:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012/05/14 21:23:49 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012/05/14 21:23:49 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012/05/14 21:23:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012/05/14 21:23:49 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/05/14 21:23:49 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012/05/14 21:23:49 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012/05/14 21:23:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012/05/14 21:23:49 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012/05/14 21:23:49 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012/05/14 21:23:49 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2012/05/14 21:23:49 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012/05/14 21:23:49 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012/05/14 21:23:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012/05/14 21:23:49 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012/05/14 21:23:49 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2012/05/14 21:23:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012/05/14 21:23:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012/05/14 21:23:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012/05/14 21:23:49 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012/05/14 21:23:49 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/05/14 21:23:49 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012/05/14 21:23:49 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe

========== Files Created - No Company Name ==========

[2012/06/11 16:20:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/06/11 16:20:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/06/11 16:20:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/06/11 16:20:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/06/11 16:20:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/10 18:39:08 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/06/10 18:39:00 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/10 17:42:32 | 000,000,286 | ---- | C] () -- C:\windows\reimage.ini
[2012/05/27 20:17:19 | 000,000,017 | ---- | C] () -- C:\Users\Penny Grizzard\AppData\Local\resmon.resmoncfg
[2012/05/23 13:49:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/22 10:46:36 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2012/05/15 18:28:42 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/05/15 18:28:13 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/05/15 18:28:13 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/05/15 18:28:13 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Publisher.lnk
[2012/05/15 18:28:13 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/14 21:29:36 | 000,001,420 | ---- | C] () -- C:\Users\Penny Grizzard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/14 21:23:50 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/05/14 21:23:49 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/05/14 12:49:27 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2012/05/14 12:49:27 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2012/05/11 14:28:26 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

< End of report >


I got a bit confused when it asked me to save settings; I opted to agree. Got this far fairly easily and quickly. My library download of Malwarebytes was a failed attempt; I will see how all goes when I try it again.

TY Penny

#8
penelopepony

    Member

  • Topic Starter
  • 118 posts
:confused: As far as Malwarebytes goes, it still won't run. I ran SuperAntiSpyware, it runs, WARNED me to REBOOT ASAP, & this is the 1st place I've gone since OTL. Dern, something still not right. Should I just "START + 0" and reformat?

After I attempted all the re-ads & trying to DELETE, in my start up menu, this appeared: THREATWORK

"C:\Program Files (x86)\Lavasoft\Ad-Aware\threatwork.exe"

TY

Penny

Edited by penelopepony, 13 June 2012 - 07:59 PM.


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you still have Norton on the system, so we will remove that first.

Download and run the Norton removal tool

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#10
penelopepony

    Member

  • Topic Starter
  • 118 posts
Came home, SLOOOOWWW.... After about a 15-20 min. wait just to get to reply, I admitted defeat... :surrender: Hit the "0" back to beginning, but before I add a camera, office, any pictures, etc... I'm going to double check that all is off to the right start.

:wacko: I did the NORTON uninstall at the link provided, but OTL showed it. Again, admitted defeat, called Norton; it appears, according to the NORTON guy, that for systems like mine that came with it pre-installed, you have to contact Norton, then they request permission, & then take over your pc to remove Norton themselves.

:confused: I'm still reading NORTON. On the UP's side, Malwarebytes works again.

Here is log.

TY 4 your patience


ComboFix 12-06-13.04 - grizzard 06/15/2012 3:02.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2952 [GMT -5:00]
Running from: c:\users\grizzard\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 08:05 . 2012-06-15 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 08:05 . 2012-06-15 08:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-15 06:27 . 2012-06-15 06:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\programdata\Malwarebytes
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-15 06:16 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-15 06:12 . 2012-06-15 06:12 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{221FCDAE-4CD4-4C56-9603-626590A34D86}\gapaengine.dll
2012-06-15 06:12 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-06-15 06:08 . 2012-06-15 06:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-15 06:08 . 2012-06-15 06:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-15 06:07 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-15 06:07 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\programdata\Blio
2012-06-15 04:46 . 2012-06-15 07:47 -------- d-----w- c:\programdata\Norton
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-06-15 04:46 . 2012-06-15 03:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\program files (x86)\Toshiba Online Backup
2012-06-15 04:45 . 2012-06-15 03:18 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation
2012-06-15 04:42 . 2012-06-15 03:24 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2012-06-15 04:42 . 2012-06-15 03:24 -------- d-----w- c:\programdata\WildTangent
2012-06-15 04:41 . 2012-06-15 04:41 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2012-06-15 04:41 . 2012-06-15 04:41 -------- d-----w- c:\program files (x86)\Corel
2012-06-15 04:38 . 2009-06-23 00:06 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-06-15 04:34 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-06-15 04:34 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-06-15 04:33 . 2010-02-12 22:49 877088 ----a-w- c:\windows\system32\drivers\rtl8192Ce.sys
2012-06-15 04:33 . 2012-06-15 04:33 -------- d-----w- c:\program files (x86)\Realtek WLAN Driver
2012-06-15 04:33 . 2012-06-15 04:33 -------- d-----w- c:\program files (x86)\Cisco
2012-06-15 04:32 . 2012-06-15 04:32 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-06-15 04:31 . 2012-06-15 04:31 -------- d-----w- c:\program files\Synaptics
2012-06-15 04:31 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-06-15 04:31 . 2012-06-15 04:31 -------- d-----w- c:\program files (x86)\Realtek
2012-06-15 04:31 . 2010-02-09 04:57 239136 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-06-15 04:31 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-06-15 04:31 . 2010-02-09 02:19 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2012-06-15 04:29 . 2012-06-15 04:29 -------- d-----w- c:\program files\CONEXANT
2012-06-15 04:27 . 2010-03-24 20:55 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-06-15 04:24 . 2012-06-15 04:24 -------- d-----w- C:\Intel
2012-06-15 04:23 . 2012-06-15 04:23 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-06-15 03:38 . 2012-06-15 03:38 -------- d-----w- c:\programdata\Panda Security
2012-06-15 03:38 . 2012-06-15 03:38 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2012-06-15 03:12 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-15 03:12 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-15 03:12 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-15 03:12 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-15 03:10 . 2012-06-15 03:10 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-06-15 03:09 . 2012-06-15 03:11 -------- d-----w- c:\users\grizzard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-15_07.11.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-15 08:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-15 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-15 08:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-02 01:45 . 2012-06-15 08:01 34204 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-15 08:01 32278 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-15 06:07 . 2012-06-15 08:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-15 06:07 . 2012-06-15 06:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-15 06:07 . 2012-06-15 06:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-15 06:07 . 2012-06-15 08:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-15 03:11 . 2012-06-15 08:01 3500 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2675067982-3295729358-1155118055-1000_UserData.bin
- 2012-06-15 07:11 . 2012-06-15 07:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-15 08:06 . 2012-06-15 08:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-15 06:53 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-15 08:04 617460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-15 06:53 104702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-15 08:04 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-15 06:41 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-15 07:32 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-06-15 06:41 . 2012-06-15 06:41 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675067982-3295729358-1155118055-1000-8192.dat
+ 2012-06-15 06:41 . 2012-06-15 07:32 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2675067982-3295729358-1155118055-1000-8192.dat
- 2009-07-14 02:34 . 2012-06-15 07:01 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-15 07:50 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 fbdpinger;fbdpinger;c:\program files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe [2009-11-16 322416]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675067982-3295729358-1155118055-1000Core.job
- c:\users\grizzard\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 06:22]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675067982-3295729358-1155118055-1000UA.job
- c:\users\grizzard\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 06:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
FF - ProfilePath - c:\users\grizzard\AppData\Roaming\Mozilla\Firefox\Profiles\kqd3l37a.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Completion time: 2012-06-15 03:09:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 08:09
ComboFix2.txt 2012-06-15 07:13
.
Pre-Run: 215,285,465,088 bytes free
Post-Run: 214,844,719,104 bytes free
.
- - End Of File - - 66D5AE6D8240450A596D33BD553DAC16

Edited by penelopepony, 15 June 2012 - 02:42 AM.



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could run me a fresh OTL scan selecting all users I will remove Norton for you

I will also look at the drivers and loading points for any slow downs, I do not believe the problem to be malware related

#12
penelopepony

    Member

  • Topic Starter
  • 118 posts
This is my FRESH one, but I'll do another, because since, I've had to add Adobe Flash so hubby could feed his YouTube & FB addiction :lol:

TY once again for your patience.

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach or post it please :lol:

#14
penelopepony

    Member

  • Topic Starter
  • 118 posts
Hi, thank you again...

I fear once again, something's wrong, I type, and it's late on showing.



c:\windows\system32\GfxUI.exe
Cannot create shell notification icon

TY


ComboFix 12-06-13.04 - grizzard 06/15/2012 13:43:34.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2558 [GMT -5:00]
Running from: c:\users\grizzard\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 18:46 . 2012-06-15 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 18:46 . 2012-06-15 18:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-15 15:36 . 2012-06-15 15:36 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-15 15:36 . 2012-06-15 15:36 -------- d-----w- c:\windows\system32\Wat
2012-06-15 14:43 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-06-15 14:43 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-06-15 14:43 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-06-15 14:43 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-06-15 14:43 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-06-15 14:43 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-06-15 14:43 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-06-15 14:43 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-06-15 14:43 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-06-15 14:43 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-06-15 14:34 . 2012-06-15 14:34 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-06-15 14:24 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-15 14:24 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-15 14:24 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-15 14:24 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-15 14:24 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-15 14:24 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-15 14:24 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-15 10:33 . 2012-06-15 10:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 10:33 . 2012-06-15 10:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 10:32 . 2012-06-15 10:32 -------- d-----w- c:\windows\system32\Macromed
2012-06-15 10:23 . 2012-06-15 10:38 -------- d-----w- c:\program files (x86)\Easy Media Player
2012-06-15 08:26 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-06-15 08:25 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-15 08:24 . 2011-07-16 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-15 08:19 . 2012-05-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7378569A-CEB2-4EFF-ADB5-055BCC6E5B13}\mpengine.dll
2012-06-15 06:27 . 2012-06-15 06:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\programdata\Malwarebytes
2012-06-15 06:16 . 2012-06-15 06:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-15 06:16 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-15 06:12 . 2012-06-15 06:12 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{221FCDAE-4CD4-4C56-9603-626590A34D86}\gapaengine.dll
2012-06-15 06:12 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-06-15 06:08 . 2012-06-15 06:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-15 06:08 . 2012-06-15 06:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-15 06:07 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\programdata\Blio
2012-06-15 04:46 . 2012-06-15 07:47 -------- d-----w- c:\programdata\Norton
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-06-15 04:46 . 2012-06-15 03:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-06-15 04:46 . 2012-06-15 04:46 -------- d-----w- c:\program files (x86)\Toshiba Online Backup
2012-06-15 04:45 . 2012-06-15 03:18 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation
2012-06-15 04:42 . 2012-06-15 03:24 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2012-06-15 04:42 . 2012-06-15 03:24 -------- d-----w- c:\programdata\WildTangent
2012-06-15 04:41 . 2012-06-15 04:41 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2012-06-15 04:41 . 2012-06-15 04:41 -------- d-----w- c:\program files (x86)\Corel
2012-06-15 04:38 . 2009-06-23 00:06 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-06-15 04:34 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-06-15 04:34 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-06-15 04:33 . 2010-02-12 22:49 877088 ----a-w- c:\windows\system32\drivers\rtl8192Ce.sys
2012-06-15 04:33 . 2012-06-15 04:33 -------- d-----w- c:\program files (x86)\Realtek WLAN Driver
2012-06-15 04:33 . 2012-06-15 04:33 -------- d-----w- c:\program files (x86)\Cisco
2012-06-15 04:32 . 2012-06-15 04:32 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-06-15 04:31 . 2012-06-15 04:31 -------- d-----w- c:\program files\Synaptics
2012-06-15 04:31 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-06-15 04:31 . 2012-06-15 04:31 -------- d-----w- c:\program files (x86)\Realtek
2012-06-15 04:31 . 2010-02-09 04:57 239136 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-06-15 04:31 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-06-15 04:31 . 2010-02-09 02:19 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2012-06-15 04:29 . 2012-06-15 04:29 -------- d-----w- c:\program files\CONEXANT
2012-06-15 04:27 . 2010-03-24 20:55 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-06-15 04:24 . 2012-06-15 04:24 -------- d-----w- C:\Intel
2012-06-15 04:23 . 2012-06-15 04:23 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-06-15 03:38 . 2012-06-15 03:38 -------- d-----w- c:\programdata\Panda Security
2012-06-15 03:38 . 2012-06-15 03:38 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2012-06-15 03:12 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-15 03:12 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-15 03:12 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-15 03:10 . 2012-06-15 03:10 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-06-15 03:09 . 2012-06-15 03:11 -------- d-----w- c:\users\grizzard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-15_07.11.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-08-02 01:54 . 2009-12-11 07:36 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-06-15 08:26 . 2011-11-17 05:35 96768 c:\windows\SysWOW64\sspicli.dll
- 2010-08-02 01:50 . 2009-12-22 08:23 25600 c:\windows\SysWOW64\setup16.exe
+ 2012-06-15 08:25 . 2011-07-16 04:31 25600 c:\windows\SysWOW64\setup16.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-06-15 08:26 . 2011-11-17 05:39 22016 c:\windows\SysWOW64\secur32.dll
- 2010-08-02 01:54 . 2009-12-11 07:39 22016 c:\windows\SysWOW64\secur32.dll
- 2009-07-13 23:54 . 2009-07-14 01:16 37376 c:\windows\SysWOW64\rtutils.dll
+ 2012-06-15 08:26 . 2010-06-19 06:23 37376 c:\windows\SysWOW64\rtutils.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-06-15 08:24 . 2011-11-19 14:06 67072 c:\windows\SysWOW64\packager.dll
+ 2012-06-15 08:27 . 2011-06-15 09:04 86016 c:\windows\SysWOW64\odbccu32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2012-06-15 08:27 . 2011-06-15 09:04 81920 c:\windows\SysWOW64\odbccr32.dll
+ 2012-06-15 08:25 . 2011-07-16 04:36 14336 c:\windows\SysWOW64\ntvdm64.dll
- 2010-08-02 01:50 . 2009-12-22 08:24 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2012-06-15 14:43 . 2009-11-25 17:47 11600 c:\windows\SysWOW64\MUI\0409\mscorees.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-06-15 08:25 . 2010-07-29 06:30 82944 c:\windows\SysWOW64\iccvid.dll
- 2009-07-14 00:03 . 2009-07-14 01:15 82944 c:\windows\SysWOW64\iccvid.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 66048 c:\windows\SysWOW64\icardie.dll
- 2009-07-13 23:38 . 2009-07-14 01:14 28672 c:\windows\SysWOW64\dnscacheugc.exe
+ 2012-06-15 08:25 . 2011-03-03 05:27 28672 c:\windows\SysWOW64\dnscacheugc.exe
+ 2012-06-15 08:24 . 2011-05-24 10:34 44544 c:\windows\SysWOW64\devrtl.dll
- 2009-07-13 23:16 . 2009-07-14 01:15 44544 c:\windows\SysWOW64\devrtl.dll
- 2009-07-13 23:16 . 2009-07-14 01:15 64512 c:\windows\SysWOW64\devobj.dll
+ 2012-06-15 08:24 . 2011-05-24 10:34 64512 c:\windows\SysWOW64\devobj.dll
+ 2009-07-14 04:54 . 2012-06-15 18:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-15 18:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-15 18:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-15 08:25 . 2011-02-19 05:32 34304 c:\windows\SysWOW64\atmlib.dll
- 2010-08-02 01:52 . 2010-05-27 07:24 34304 c:\windows\SysWOW64\atmlib.dll
+ 2012-06-15 08:25 . 2011-07-16 05:26 13312 c:\windows\system32\wow64cpu.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 13312 c:\windows\system32\wow64cpu.dll
+ 2012-06-15 11:49 . 2012-06-15 14:22 81478 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-08-02 01:45 . 2012-06-15 18:36 35280 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-15 18:36 32608 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-15 08:26 . 2011-11-17 07:11 28672 c:\windows\system32\sspisrv.dll
- 2009-07-13 23:20 . 2009-07-14 01:41 28672 c:\windows\system32\sspisrv.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-06-15 08:26 . 2011-11-17 07:11 28160 c:\windows\system32\secur32.dll
- 2009-07-13 23:50 . 2009-07-14 01:41 28160 c:\windows\system32\secur32.dll
+ 2012-06-15 08:26 . 2010-06-19 06:53 52224 c:\windows\system32\rtutils.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 65024 c:\windows\system32\pngfilt.dll
+ 2012-06-15 08:24 . 2011-11-19 15:07 77312 c:\windows\system32\packager.dll
- 2009-07-13 23:26 . 2009-07-14 01:41 16384 c:\windows\system32\ntvdm64.dll
+ 2012-06-15 08:25 . 2011-07-16 05:24 16384 c:\windows\system32\ntvdm64.dll
- 2009-07-13 20:37 . 2009-06-10 20:40 11600 c:\windows\system32\MUI\0409\mscorees.dll
+ 2012-06-15 14:43 . 2009-11-25 17:47 11600 c:\windows\system32\MUI\0409\mscorees.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 48640 c:\windows\system32\mshtmler.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 96768 c:\windows\system32\mshtmled.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 12288 c:\windows\system32\mshta.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 10752 c:\windows\system32\msfeedssync.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-06-15 08:26 . 2011-11-17 07:05 31232 c:\windows\system32\lsass.exe
- 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 30720 c:\windows\system32\licmgr10.dll
+ 2012-06-15 08:25 . 2011-02-05 12:41 20352 c:\windows\system32\kdusb.dll
+ 2012-06-15 08:25 . 2011-02-05 12:41 17792 c:\windows\system32\kdcom.dll
+ 2012-06-15 08:25 . 2011-02-05 12:41 19328 c:\windows\system32\kd1394.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 85504 c:\windows\system32\jsproxy.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 49664 c:\windows\system32\imgutil.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 85504 c:\windows\system32\iesetup.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 39936 c:\windows\system32\iernonce.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 89088 c:\windows\system32\ie4uinit.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 82432 c:\windows\system32\icardie.dll
+ 2012-06-15 08:25 . 2012-03-17 07:55 75632 c:\windows\system32\drivers\partmgr.sys
+ 2012-06-15 08:26 . 2011-11-17 07:17 95088 c:\windows\system32\drivers\ksecdd.sys
- 2009-07-13 23:23 . 2009-07-13 23:23 90624 c:\windows\system32\drivers\bowser.sys
+ 2012-06-15 08:24 . 2011-02-23 05:15 90624 c:\windows\system32\drivers\bowser.sys
- 2009-07-13 23:54 . 2009-07-14 01:39 30208 c:\windows\system32\dnscacheugc.exe
+ 2012-06-15 08:25 . 2011-03-03 06:14 30208 c:\windows\system32\dnscacheugc.exe
- 2009-07-13 23:19 . 2009-07-14 01:40 43520 c:\windows\system32\csrsrv.dll
+ 2012-06-15 08:26 . 2011-10-26 05:19 43520 c:\windows\system32\csrsrv.dll
+ 2012-06-15 05:06 . 2012-06-15 18:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-15 05:06 . 2012-06-15 07:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 07:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-15 18:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-15 08:25 . 2011-02-19 06:36 46080 c:\windows\system32\atmlib.dll
- 2010-08-02 01:52 . 2010-05-27 06:34 46080 c:\windows\system32\atmlib.dll
- 2010-08-02 01:50 . 2010-02-02 08:39 49664 c:\windows\servicing\GC64\tzupd.exe
+ 2012-06-15 08:24 . 2011-07-09 05:16 49664 c:\windows\servicing\GC64\tzupd.exe
+ 2009-07-14 04:46 . 2012-06-15 18:38 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-15 06:07 . 2012-06-15 14:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-15 06:07 . 2012-06-15 06:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-15 06:07 . 2012-06-15 14:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-15 06:07 . 2012-06-15 06:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-15 08:25 . 2011-12-26 19:08 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-06-15 08:25 . 2011-12-26 19:13 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-06-15 09:13 . 2012-06-15 09:13 25600 c:\windows\Installer\3d987e.msi
+ 2012-06-15 14:23 . 2012-06-15 14:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-06-15 15:51 . 2012-06-15 15:51 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\ecc5750e8d62675bf59eb202eeeeacbe\PresentationFontCache.ni.exe
+ 2012-06-15 15:42 . 2012-06-15 15:42 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\cc29df25d166ceed89d259b00e2bba9e\PresentationCFFRasterizer.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\dd71ed714dc374e3d85824c17795e706\Microsoft.WSMan.Runtime.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b8dac004fdabbb2dc12830dcd22fed29\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\6b86a80d8cb8fb51252e0cd8fe697f9f\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\64c811070a4d05e238e27d2a6e9bed25\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4eaff8355f942bb1a95300aeb2882602\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\3453bb2216048726659887ecaf5cce4a\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\12abdc966e63bcb3077c71c6483762c3\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-06-15 15:40 . 2012-06-15 15:40 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\e0e2b0cdfa700bc21e09ddac3a9b46cc\Microsoft.VisualC.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c341c5df5ab35bb87765f39688c1e7ec\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\2f32c060184fa015fdcb1d04b641e86e\LoadMxf.ni.exe
+ 2012-06-15 15:46 . 2012-06-15 15:46 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\4ba55ae7274a85c8ae32a36aa8bcbfc5\ehiUPnP.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\f9bd420501d5877ff7dd7fe308663935\ehiTVMSMusic.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\c1ba413fc8eb57b417a2de4cf678e4f6\dfsvc.ni.exe
+ 2012-06-15 15:42 . 2012-06-15 15:42 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\0bc383bf9841cca7654fe938399b3a07\Accessibility.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\86b25cd3802c2b6b36ed86d5c0500505\WindowsLiveWriter.ni.exe
+ 2012-06-15 15:46 . 2012-06-15 15:46 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\febee1108905a882d857ac65c80d41f3\WindowsLive.Writer.Api.ni.dll
+ 2012-06-15 15:44 . 2012-06-15 15:44 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\68b5806af0df6ce86027bacb7dc37233\UIAutomationProvider.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b0b664ed5c18ac51259abb7902671370\System.Windows.Presentation.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\f5c5517bf252bf6c4d8de833d2111309\System.Web.DynamicData.Design.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\bdf3aabfa0a15d557aec32505a5eaaee\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\99bb6d93ce5daed24761530fa32ed5f4\System.AddIn.Contract.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b0cdc419b6f2b0ddf0cda5f157e67516\PresentationFontCache.ni.exe
+ 2012-06-15 15:44 . 2012-06-15 15:44 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8ac4be1ad8f1aae0c23366c9ce0724e0\PresentationCFFRasterizer.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\1af767233028c3165de880775391c53f\napcrypt.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\b9935982ad038d7a02f7931a8ee2977b\Microsoft.WSMan.Runtime.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ea54c98d0fa82cdb0bf5ec9b50463d75\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ddf3add57c84af5d63b3a2398ed5e1a4\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\bd26bb6b78c6c02df886f26342b5e76a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6a491bf821cc13223f288eb72176ffc7\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6a1cb87d9cb795b53eab2c57e2d7db48\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\62e634be25913db13e84a26296cee020\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5c234eea7e7d54a466ad00d9ac238e6a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\dc44431123bc3e6b39dbea49ac1f1963\Microsoft.Vsa.ni.dll
+ 2012-06-15 15:44 . 2012-06-15 15:44 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\b69ac98f94e80b659eac618c6142ea9b\Microsoft.VisualC.ni.dll
+ 2012-06-15 15:47 . 2012-06-15 15:47 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6ddfa12f22ada63da088e98223858b69\Microsoft.Build.Framework.ni.dll
+ 2012-06-15 15:47 . 2012-06-15 15:47 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2f7754efa196f832b12b4133f0eae060\Microsoft.Build.Framework.ni.dll
+ 2012-06-15 15:47 . 2012-06-15 15:47 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\094c7076aed91bda969c01f72d4bb63a\ehiUserXp.ni.dll
+ 2012-06-15 15:47 . 2012-06-15 15:47 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\3c44431071abcaba099902fb72392688\dfsvc.ni.exe
+ 2012-06-15 15:44 . 2012-06-15 15:44 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
- 2010-08-02 01:50 . 2009-12-22 08:23 44032 c:\windows\AppPatch\acwow64.dll
+ 2012-06-15 08:25 . 2011-07-16 04:32 44032 c:\windows\AppPatch\acwow64.dll
+ 2012-06-15 08:25 . 2011-07-16 04:30 5120 c:\windows\SysWOW64\wow32.dll
- 2010-08-02 01:50 . 2009-12-22 08:22 5120 c:\windows\SysWOW64\wow32.dll
+ 2012-06-15 08:24 . 2011-07-16 02:26 2048 c:\windows\SysWOW64\user.exe
- 2010-08-02 01:50 . 2009-12-22 04:28 2048 c:\windows\SysWOW64\user.exe
+ 2012-06-15 08:24 . 2011-11-05 04:30 2048 c:\windows\SysWOW64\tzres.dll
- 2010-08-02 01:55 . 2010-04-23 07:13 2048 c:\windows\SysWOW64\tzres.dll
- 2009-07-13 23:37 . 2009-07-14 01:16 9728 c:\windows\SysWOW64\sscore.dll
+ 2012-06-15 08:24 . 2010-08-27 05:46 9728 c:\windows\SysWOW64\sscore.dll
- 2010-08-02 01:50 . 2009-12-22 04:28 7680 c:\windows\SysWOW64\instnm.exe
+ 2012-06-15 08:25 . 2011-07-16 02:26 7680 c:\windows\SysWOW64\instnm.exe
- 2009-07-13 23:10 . 2009-07-13 23:10 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 02:21 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 02:21 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 02:21 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 02:21 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 04:19 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 04:19 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 04:19 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2012-06-15 03:11 . 2012-06-15 18:36 4074 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2675067982-3295729358-1155118055-1000_UserData.bin
+ 2012-06-15 08:24 . 2011-11-05 05:17 2048 c:\windows\system32\tzres.dll
- 2010-08-02 01:55 . 2010-04-23 07:11 2048 c:\windows\system32\tzres.dll
+ 2012-06-15 08:25 . 2012-04-26 05:28 9216 c:\windows\system32\rdrmemptylst.exe
+ 2012-06-15 08:25 . 2011-07-16 05:04 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2012-06-15 08:25 . 2011-07-16 05:04 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2012-06-15 08:24 . 2011-07-16 05:04 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2012-06-15 07:11 . 2012-06-15 07:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 18:47 . 2012-06-15 18:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 18:47 . 2012-06-15 18:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-15 07:11 . 2012-06-15 07:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-15 14:34 . 2012-06-15 14:34 135168 c:\windows\SysWOW64\XpsRasterService.dll
- 2009-07-14 00:15 . 2009-07-14 01:16 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 442880 c:\windows\SysWOW64\XpsPrint.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 283648 c:\windows\SysWOW64\XpsGdiConverter.dll
- 2009-07-14 00:04 . 2009-07-14 01:16 738816 c:\windows\SysWOW64\wmpmde.dll
+ 2012-06-15 08:25 . 2010-08-21 05:36 738816 c:\windows\SysWOW64\wmpmde.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-06-15 08:26 . 2011-11-17 05:39 314368 c:\windows\SysWOW64\webio.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-06-15 15:36 . 2012-06-15 14:28 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
+ 2012-06-15 15:36 . 2012-06-15 14:28 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 231936 c:\windows\SysWOW64\url.dll
- 2009-07-13 23:30 . 2009-07-14 01:16 496128 c:\windows\SysWOW64\taskschd.dll
+ 2012-06-15 08:26 . 2010-11-02 04:40 496128 c:\windows\SysWOW64\taskschd.dll
+ 2012-06-15 08:26 . 2010-11-02 04:34 192000 c:\windows\SysWOW64\taskeng.exe
+ 2012-06-15 08:26 . 2010-11-02 04:40 305152 c:\windows\SysWOW64\taskcomp.dll
+ 2012-06-15 08:27 . 2010-08-26 04:39 109056 c:\windows\SysWOW64\t2embed.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 363520 c:\windows\SysWOW64\StructuredQuery.dll
+ 2012-06-15 08:26 . 2010-05-05 06:46 363520 c:\windows\SysWOW64\StructuredQuery.dll
+ 2012-06-15 08:26 . 2010-11-02 04:34 179712 c:\windows\SysWOW64\schtasks.exe
+ 2012-06-15 08:26 . 2011-11-17 05:39 224768 c:\windows\SysWOW64\schannel.dll
- 2009-07-14 00:06 . 2009-07-14 01:16 850432 c:\windows\SysWOW64\sbe.dll
+ 2012-06-15 08:27 . 2010-12-23 05:28 850432 c:\windows\SysWOW64\sbe.dll
+ 2012-06-15 08:27 . 2011-10-26 04:33 514560 c:\windows\SysWOW64\qdvd.dll
- 2010-08-02 01:46 . 2009-11-26 06:34 514560 c:\windows\SysWOW64\qdvd.dll
- 2010-08-02 01:49 . 2009-12-13 09:30 465408 c:\windows\SysWOW64\psisdecd.dll
+ 2012-06-15 08:25 . 2011-08-17 04:26 465408 c:\windows\SysWOW64\psisdecd.dll
+ 2012-06-15 08:27 . 2011-04-09 05:56 123904 c:\windows\SysWOW64\poqexec.exe
- 2009-07-13 23:22 . 2009-07-14 01:14 123904 c:\windows\SysWOW64\poqexec.exe
+ 2012-06-15 08:24 . 2011-08-27 04:43 571904 c:\windows\SysWOW64\oleaut32.dll
- 2009-07-13 23:44 . 2009-07-14 01:16 571904 c:\windows\SysWOW64\oleaut32.dll
- 2009-07-13 23:26 . 2009-07-14 01:16 233472 c:\windows\SysWOW64\oleacc.dll
+ 2012-06-15 08:24 . 2011-08-27 04:43 233472 c:\windows\SysWOW64\oleacc.dll
+ 2012-06-15 08:27 . 2011-06-15 09:04 163840 c:\windows\SysWOW64\odbctrac.dll
- 2009-07-14 00:11 . 2009-07-14 01:16 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2012-06-15 08:27 . 2011-06-15 09:04 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 319488 c:\windows\SysWOW64\odbcjt32.dll
+ 2012-06-15 08:27 . 2011-06-15 09:04 122880 c:\windows\SysWOW64\odbccp32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2012-06-15 08:24 . 2010-10-16 04:34 573440 c:\windows\SysWOW64\odbc32.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 123392 c:\windows\SysWOW64\occache.dll
+ 2012-06-15 08:24 . 2011-12-16 07:59 690688 c:\windows\SysWOW64\msvcrt.dll
- 2009-07-13 23:12 . 2009-07-14 01:15 690688 c:\windows\SysWOW64\msvcrt.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 196608 c:\windows\SysWOW64\mfreadwrite.dll
+ 2012-06-15 08:25 . 2010-08-31 04:32 954288 c:\windows\SysWOW64\mfc40u.dll
+ 2012-06-15 08:25 . 2010-08-31 04:32 954752 c:\windows\SysWOW64\mfc40.dll
+ 2012-06-15 10:33 . 2012-06-15 10:33 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-06-15 10:33 . 2012-06-15 10:33 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-06-15 10:42 . 2012-06-15 10:42 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-06-15 10:33 . 2012-06-15 10:42 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-15 08:25 . 2011-07-16 04:30 272384 c:\windows\SysWOW64\KernelBase.dll
- 2009-07-13 23:35 . 2009-07-14 01:15 541184 c:\windows\SysWOW64\kerberos.dll
+ 2012-06-15 08:27 . 2010-12-18 05:29 541184 c:\windows\SysWOW64\kerberos.dll
- 2010-08-02 01:46 . 2009-12-02 08:17 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 716800 c:\windows\SysWOW64\jscript.dll
- 2010-08-02 01:50 . 2010-03-04 07:33 740864 c:\windows\SysWOW64\inetcomm.dll
+ 2012-06-15 08:24 . 2011-05-03 04:50 740864 c:\windows\SysWOW64\inetcomm.dll
+ 2012-06-15 08:26 . 2011-07-27 04:30 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2012-06-15 14:42 . 2012-06-15 14:42 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-06-15 08:24 . 2011-10-15 05:48 534528 c:\windows\SysWOW64\EncDec.dll
- 2009-07-14 00:41 . 2009-07-14 01:16 534528 c:\windows\SysWOW64\EncDec.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 353792 c:\windows\SysWOW64\dxtmsft.dll
- 2009-07-13 23:16 . 2009-07-14 01:14 252928 c:\windows\SysWOW64\drvinst.exe
+ 2012-06-15 08:24 . 2011-05-24 10:32 252928 c:\windows\SysWOW64\drvinst.exe
- 2009-07-13 23:12 . 2009-07-14 01:15 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2012-06-15 08:25 . 2011-03-03 05:29 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2012-06-15 08:27 . 2012-03-03 05:40 218624 c:\windows\SysWOW64\d3d10_1core.dll
+ 2012-06-15 08:27 . 2012-03-03 05:40 161792 c:\windows\SysWOW64\d3d10_1.dll
- 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2012-06-15 08:27 . 2012-03-03 05:40 739840 c:\windows\SysWOW64\d2d1.dll
+ 2012-06-15 08:27 . 2010-12-23 05:28 642048 c:\windows\SysWOW64\CPFilters.dll
+ 2012-06-15 08:26 . 2010-08-21 05:33 530432 c:\windows\SysWOW64\comctl32.dll
- 2009-07-13 23:39 . 2009-07-14 01:15 530432 c:\windows\SysWOW64\comctl32.dll
+ 2012-06-15 08:24 . 2011-05-24 10:34 145920 c:\windows\SysWOW64\cfgmgr32.dll
- 2009-07-13 23:16 . 2009-07-14 01:15 145920 c:\windows\SysWOW64\cfgmgr32.dll
+ 2012-06-15 08:25 . 2011-02-19 03:37 294912 c:\windows\SysWOW64\atmfd.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 229888 c:\windows\system32\XpsRasterService.dll
- 2009-07-14 00:37 . 2009-07-14 01:41 229888 c:\windows\system32\XpsRasterService.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 662528 c:\windows\system32\XpsPrint.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 470016 c:\windows\system32\XpsGdiConverter.dll
+ 2012-06-15 08:25 . 2011-07-16 05:26 362496 c:\windows\system32\wow64win.dll
+ 2012-06-15 08:25 . 2011-07-16 05:26 243200 c:\windows\system32\wow64.dll
- 2010-08-02 01:50 . 2009-12-22 08:36 243200 c:\windows\system32\wow64.dll
+ 2012-06-15 08:25 . 2011-07-16 05:26 214528 c:\windows\system32\winsrv.dll
+ 2012-06-15 08:25 . 2011-02-05 12:39 518160 c:\windows\system32\winresume.exe
+ 2012-06-15 08:25 . 2011-02-05 12:39 603976 c:\windows\system32\winload.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 160256 c:\windows\system32\wextract.exe
+ 2012-06-15 08:26 . 2011-11-17 07:12 395776 c:\windows\system32\webio.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 249344 c:\windows\system32\webcheck.dll
+ 2012-06-15 15:36 . 2012-06-15 14:28 152888 c:\windows\system32\Wat\WatWeb.dll
+ 2012-06-15 15:36 . 2012-06-15 14:28 249656 c:\windows\system32\Wat\WatUX.exe
+ 2012-06-15 15:36 . 2012-06-15 14:28 138664 c:\windows\system32\Wat\npWatWeb.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 603648 c:\windows\system32\vbscript.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 237056 c:\windows\system32\url.dll
+ 2012-06-15 08:24 . 2011-05-24 11:21 404992 c:\windows\system32\umpnpmgr.dll
+ 2012-06-15 08:26 . 2010-11-02 05:10 464384 c:\windows\system32\taskeng.exe
+ 2012-06-15 08:26 . 2010-11-02 05:17 473600 c:\windows\system32\taskcomp.dll
- 2009-07-13 23:47 . 2009-07-14 01:41 473600 c:\windows\system32\taskcomp.dll
+ 2012-06-15 08:27 . 2010-08-26 05:27 148992 c:\windows\system32\t2embed.dll
- 2009-07-14 00:29 . 2009-07-14 01:41 483840 c:\windows\system32\StructuredQuery.dll
+ 2012-06-15 08:26 . 2010-05-05 07:37 483840 c:\windows\system32\StructuredQuery.dll
+ 2012-06-15 08:26 . 2011-11-17 07:11 136192 c:\windows\system32\sspicli.dll
- 2009-07-13 23:20 . 2009-07-14 01:41 136192 c:\windows\system32\sspicli.dll
+ 2012-06-15 08:24 . 2010-08-27 06:14 236032 c:\windows\system32\srvsvc.dll
+ 2012-06-15 08:25 . 2010-08-21 06:29 558592 c:\windows\system32\spoolsv.exe
+ 2012-06-15 08:26 . 2010-11-02 05:10 285696 c:\windows\system32\schtasks.exe
+ 2012-06-15 08:26 . 2011-11-17 07:10 340992 c:\windows\system32\schannel.dll
- 2009-07-14 00:17 . 2009-07-14 01:41 149504 c:\windows\system32\rdpcorekmts.dll
+ 2012-06-15 08:25 . 2012-04-26 05:34 149504 c:\windows\system32\rdpcorekmts.dll
- 2010-08-02 01:46 . 2009-11-27 01:57 366592 c:\windows\system32\qdvd.dll
+ 2012-06-15 08:27 . 2011-10-26 05:33 366592 c:\windows\system32\qdvd.dll
- 2010-08-02 01:49 . 2009-12-13 09:46 613888 c:\windows\system32\psisdecd.dll
+ 2012-06-15 08:25 . 2011-08-17 05:32 613888 c:\windows\system32\psisdecd.dll
- 2009-07-13 23:34 . 2009-07-14 01:39 142336 c:\windows\system32\poqexec.exe
+ 2012-06-15 08:27 . 2011-04-09 06:58 142336 c:\windows\system32\poqexec.exe
+ 2009-07-14 02:36 . 2012-06-15 18:39 617460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-15 06:53 617460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-15 06:53 104702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-15 18:39 104702 c:\windows\system32\perfc009.dat
+ 2012-06-15 08:24 . 2011-08-27 05:40 861184 c:\windows\system32\oleaut32.dll
- 2009-07-13 23:59 . 2009-07-14 01:41 861184 c:\windows\system32\oleaut32.dll
+ 2012-06-15 08:24 . 2011-08-27 05:40 331776 c:\windows\system32\oleacc.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 331776 c:\windows\system32\oleacc.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 212992 c:\windows\system32\odbctrac.dll
+ 2012-06-15 08:27 . 2011-06-15 09:58 212992 c:\windows\system32\odbctrac.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
+ 2012-06-15 08:27 . 2011-06-15 09:58 106496 c:\windows\system32\odbccu32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
+ 2012-06-15 08:27 . 2011-06-15 09:58 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 163840 c:\windows\system32\odbccp32.dll
+ 2012-06-15 08:27 . 2011-06-15 09:58 163840 c:\windows\system32\odbccp32.dll
+ 2012-06-15 08:24 . 2010-10-16 05:17 720896 c:\windows\system32\odbc32.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 149504 c:\windows\system32\occache.dll
+ 2012-06-15 08:24 . 2011-12-16 08:42 634368 c:\windows\system32\msvcrt.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 222208 c:\windows\system32\msls31.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 697344 c:\windows\system32\msfeeds.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 257024 c:\windows\system32\mfreadwrite.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 206848 c:\windows\system32\mfps.dll
- 2009-07-14 00:18 . 2009-07-14 01:41 206848 c:\windows\system32\mfps.dll
+ 2012-06-15 10:33 . 2012-06-15 10:33 417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
+ 2012-06-15 10:33 . 2012-06-15 10:33 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
+ 2012-06-15 08:25 . 2011-07-16 05:21 422400 c:\windows\system32\KernelBase.dll
+ 2012-06-15 08:27 . 2010-12-18 06:11 714752 c:\windows\system32\kerberos.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 818688 c:\windows\system32\jscript.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 103936 c:\windows\system32\inseng.dll
+ 2012-06-15 08:24 . 2011-05-03 05:21 976896 c:\windows\system32\inetcomm.dll
- 2010-08-02 01:50 . 2010-03-04 07:57 976896 c:\windows\system32\inetcomm.dll
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
+ 2012-06-15 08:26 . 2011-07-27 05:31 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
+ 2012-06-15 14:42 . 2012-06-15 14:42 165888 c:\windows\system32\iexpress.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 173056 c:\windows\system32\ieUnatt.exe
+ 2012-06-15 14:42 . 2012-06-15 14:42 248320 c:\windows\system32\ieui.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 111616 c:\windows\system32\iesysprep.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 145920 c:\windows\system32\iepeers.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 403248 c:\windows\system32\iedkcs32.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 267776 c:\windows\system32\ieaksie.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 160256 c:\windows\system32\ieakeng.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-06-15 08:24 . 2011-02-12 06:14 267776 c:\windows\system32\FXSCOVER.exe
- 2009-07-14 04:45 . 2010-08-02 02:00 274320 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-06-15 15:38 274320 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-15 08:24 . 2011-10-15 06:25 723456 c:\windows\system32\EncDec.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 282112 c:\windows\system32\dxtrans.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 452608 c:\windows\system32\dxtmsft.dll
+ 2012-06-15 08:25 . 2011-04-29 03:12 161792 c:\windows\system32\drivers\srvnet.sys
+ 2012-06-15 08:25 . 2011-04-29 03:12 399872 c:\windows\system32\drivers\srv2.sys
+ 2012-06-15 08:25 . 2011-04-29 03:13 461312 c:\windows\system32\drivers\srv.sys
+ 2012-06-15 08:25 . 2012-04-28 03:50 204800 c:\windows\system32\drivers\rdpwd.sys
- 2012-06-15 03:12 . 2012-02-15 04:47 204800 c:\windows\system32\drivers\rdpwd.sys
+ 2012-06-15 08:26 . 2011-05-04 02:51 126464 c:\windows\system32\drivers\mrxsmb20.sys
+ 2012-06-15 08:26 . 2011-07-09 02:44 287744 c:\windows\system32\drivers\mrxsmb10.sys
+ 2012-06-15 08:26 . 2011-05-04 02:51 157696 c:\windows\system32\drivers\mrxsmb.sys
- 2010-08-02 01:53 . 2010-02-27 07:52 157696 c:\windows\system32\drivers\mrxsmb.sys
+ 2012-06-15 08:26 . 2011-11-17 07:17 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-06-15 14:34 . 2012-06-15 14:34 265088 c:\windows\system32\drivers\dxgmms1.sys
+ 2012-06-15 08:27 . 2011-04-27 02:57 102400 c:\windows\system32\drivers\dfsc.sys
- 2009-07-13 23:23 . 2009-07-13 23:23 102400 c:\windows\system32\drivers\dfsc.sys
+ 2012-06-15 08:26 . 2011-11-17 07:15 460296 c:\windows\system32\drivers\cng.sys
+ 2012-06-15 08:25 . 2011-12-28 03:59 499200 c:\windows\system32\drivers\afd.sys
- 2009-07-13 23:21 . 2009-07-14 01:40 182272 c:\windows\system32\dnsrslvr.dll
+ 2012-06-15 08:25 . 2011-03-03 06:17 182272 c:\windows\system32\dnsrslvr.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 356352 c:\windows\system32\dnsapi.dll
+ 2012-06-15 08:25 . 2011-03-03 06:17 356352 c:\windows\system32\dnsapi.dll
+ 2012-06-15 08:27 . 2012-03-03 06:29 320512 c:\windows\system32\d3d10_1core.dll
- 2009-07-13 23:41 . 2009-07-14 01:40 197120 c:\windows\system32\d3d10_1.dll
+ 2012-06-15 08:27 . 2012-03-03 06:29 197120 c:\windows\system32\d3d10_1.dll
+ 2012-06-15 08:27 . 2012-03-03 06:29 902656 c:\windows\system32\d2d1.dll
+ 2012-06-15 08:27 . 2010-12-23 06:07 961024 c:\windows\system32\CPFilters.dll
+ 2012-06-15 08:24 . 2010-10-16 05:23 112000 c:\windows\system32\consent.exe
+ 2012-06-15 08:25 . 2011-07-16 05:17 338432 c:\windows\system32\conhost.exe
- 2009-07-13 23:38 . 2009-07-14 01:39 338432 c:\windows\system32\conhost.exe
+ 2012-06-15 08:26 . 2010-08-21 06:31 633856 c:\windows\system32\comctl32.dll
- 2009-07-13 23:55 . 2009-07-14 01:40 633856 c:\windows\system32\comctl32.dll
+ 2012-06-15 14:34 . 2012-06-15 14:34 144384 c:\windows\system32\cdd.dll
+ 2012-06-15 08:25 . 2011-02-05 12:39 518160 c:\windows\system32\Boot\winresume.exe
+ 2012-06-15 08:25 . 2011-02-05 12:39 603976 c:\windows\system32\Boot\winload.exe
+ 2012-06-15 08:25 . 2011-02-19 04:13 367104 c:\windows\system32\atmfd.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 114176 c:\windows\system32\admparse.dll
+ 2012-06-15 18:33 . 2012-06-15 18:33 138664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-15 18:46 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-15 08:27 . 2012-04-06 00:45 172128 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll
+ 2012-06-15 08:25 . 2011-12-26 19:08 745232 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-06-15 08:27 . 2012-04-23 22:38 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-06-15 08:27 . 2012-01-04 02:48 486144 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2012-06-15 08:27 . 2012-04-06 00:49 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-06-15 08:25 . 2011-12-26 19:13 437008 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-06-15 08:27 . 2012-04-23 22:37 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-15 08:27 . 2012-01-04 02:51 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2012-06-15 08:27 . 2012-01-04 02:51 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2012-06-15 08:27 . 2012-01-04 02:51 996112 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-19 09:54 . 2011-04-19 09:54 227328 c:\windows\Installer\10682b6.msi
+ 2011-04-19 09:21 . 2011-04-19 09:21 235520 c:\windows\Installer\10682b0.msi
+ 2012-06-15 08:27 . 2011-10-29 05:24 465920 c:\windows\ehome\mstvcapn.dll
- 2009-07-14 00:22 . 2009-07-14 01:41 465920 c:\windows\ehome\mstvcapn.dll
- 2009-07-14 00:24 . 2009-07-14 01:51 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
+ 2012-06-15 08:25 . 2011-08-17 05:35 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\f0e602dd94327e6eea126e72cb24c4a3\UIAutomationTypes.ni.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\ef1cc397129c81ecb60431633b7d6f94\UIAutomationProvider.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\2adb36011c54ef24dff70bef5e31a71a\UIAutomationClient.ni.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\9a541383d78143dc386512b092cb58a9\System.Web.RegularExpressions.ni.dll
+ 2012-06-15 15:41 . 2012-06-15 15:41 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\348482b8eb60eb9595a313ed706fa074\System.Transactions.ni.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\993018172a83c2431adeb6a309aa27cf\System.ServiceProcess.ni.dll
+ 2012-06-15 15:41 . 2012-06-15 15:41 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\3fbac653667adb06ac98561f57049751\System.Security.ni.dll
+ 2012-06-15 15:41 . 2012-06-15 15:41 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\3805923cd6a0d7c9c4c872c1ede4619d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\984398a06970ec18178ddf072de6167e\System.Messaging.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\0e83d3c8f7e6295055548caa2a1a3743\System.IdentityModel.Selectors.ni.dll
+ 2012-06-15 15:41 . 2012-06-15 15:41 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\b48bd4bfbc25e5fb2b6bbc0627bb7aad\System.EnterpriseServices.Wrapper.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a650d1b1ee920b0fecfe5e8342217265\System.Drawing.Design.ni.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3d2da45f50b57ab5871ff32fa9a0fa71\System.DirectoryServices.Protocols.ni.dll
+ 2012-06-15 15:51 . 2012-06-15 15:51 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\2e18ba464979573aa3dcf04e07e79d87\System.Data.DataSetExtensions.ni.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\58d7e28f550aa89ebc5046b960525b46\System.Configuration.Install.ni.dll
+ 2012-06-15 15:51 . 2012-06-15 15:51 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\3de11837ee6fc7bda6f50bdc8eed68ce\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-15 15:45 . 2012-06-15 15:45 890880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\eb850c90fad10f90fa495be2efa5d8ec\System.AddIn.ni.dll
+ 2012-06-15 15:45 . 2012-06-15 15:45 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\236fe667af3ca016ae66a5b08fb94bd8\System.AddIn.Contract.ni.dll
+ 2012-06-15 15:51 . 2012-06-15 15:51 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\510283052ba3df05080787d71eb6fa31\SMSvcHost.ni.exe
+ 2012-06-15 15:45 . 2012-06-15 15:45 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\97ef3ca694f50f101c0b369e3c3528cc\SMDiagnostics.ni.dll
+ 2012-06-15 15:43 . 2012-06-15 15:43 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\dc82ea5f368056cb5340c270bb75becb\PresentationFramework.Classic.ni.dll
+ 2012-06-15 15:43 . 2012-06-15 15:43 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\76933856fb4dd9f9cf17136aac2ca38c\PresentationFramework.Luna.ni.dll
+ 2012-06-15 15:43 . 2012-06-15 15:43 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\5a95213214431ffa96c6e4dbfa36345e\PresentationFramework.Aero.ni.dll
+ 2012-06-15 15:43 . 2012-06-15 15:43 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\57138d0d992b152869c9bb250e9d3735\PresentationFramework.Royale.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\33ae5cf0b1603f19a9c66e376b4cdcda\napsnap.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\5c28e1b5ec388ca1b62f229a068b9842\napinit.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\4a034fcf374482db0b2cb8a7f661608c\naphlpr.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\41854d8487d49fad7f177425b6c781f7\napcrypt.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\02fa94543dd6ba737d98562e9a42e519\MSBuild.ni.exe
+ 2012-06-15 15:49 . 2012-06-15 15:49 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\bf084532afc235bb8947191850be2dbd\MMCFxCommon.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 681472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\d4a321be6b1775b27e878d5866ac9b6d\Microsoft.WSMan.Management.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\bdfc36a270290eeff2dfa72949ff20ca\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\915c41bb932618c4abf94b123df9ceae\Microsoft.Vsa.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b90d3fa08fb2f482ec06283b20bf4525\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f50a903783750e4c093cbf105f334ead\Microsoft.PowerShell.Security.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\65d6ad0aa6d85a25d2840ab5f7d7405c\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\3acefb890be23403069123754db8a8d1\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2708d6ea3f3db7891db1a609018064d8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b53fcd9a5a78a169e0fb3c64ae73af49\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\80143f646da89090918f7b0d70e1bd2a\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\611f809f625bafde88d989c624f5fd0f\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4f0916261770cb38d02cc73799ba9c24\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-06-15 15:40 . 2012-06-15 15:40 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4817b5f63709e4dbf02cfa2f1fbf68dd\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3d55ad018dcd5cb77de84d181946de06\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\10492ed390f72165b7701b0b209f41b1\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 797696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\e357bfb6a7358070a31cfb315e1094b8\Microsoft.ManagementConsole.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\6f1c7692333bbe4aba03d4c68cd56210\Microsoft.Build.Utilities.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\05ab0f916af911347d5b7fda20fab3e3\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\a92742de12c5358a722d9b81f4c93f8b\Microsoft.Build.Framework.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\4d843288146d5c6ddcd942e1d68b510b\Microsoft.Build.Framework.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\9435c4788924ed688417b3087ff5cdd2\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 107008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\a9dfffd80c488893b4c34451173f188c\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\d0c9c13cbeb5e9d29c3300c7dc6ad18f\Mcx2Dvcs.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 545792 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fbae2394e24c9a0712247af10a9a95f4\mcupdate.ni.exe
+ 2012-06-15 15:46 . 2012-06-15 15:46 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\1e6ea539bd19db7400a20f185fbd37cf\mcstoredb.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\e49dc639637c7bbefc0603f47af007a8\mcplayerinterop.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\75409182685d131c4e96f44ac4a74bbe\mcGlidHostObj.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\c26c2b86de76298e59e433e778c936c5\MCESidebarCtrl.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\bef11fb4617a18e0cdb5c7673308f0d8\EventViewer.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\d0e216d8df9ccdf961dca37e63a9aaa8\ehRecObj.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\81a510ea5fd14aa30ff41d4fc7f74161\ehiWUapi.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\608233581ceee7892045ebae25b48248\ehiwmp.ni.dll
+ 2012-06-15 15:40 . 2012-06-15 15:40 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\0ff5bc978a9279d484cdf59d919e60df\ehiUserXp.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\75957f1e4c465eb8053fb9f235c5c696\ehiiTv.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\165c31078ab64ffe338512b778f3a645\ehiExtens.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\097208918b41f71a55e52cf2e8a14b9e\ehiBmlDataCarousel.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\01b2b2f884349644dd1b1b4e4ac5f47a\ehiActivScp.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\3266ef1067584da5503061cb4c694b82\ehExtHost.ni.exe
+ 2012-06-15 15:46 . 2012-06-15 15:46 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\f5cd36f9696a44997ffb61cc38067006\ehCIR.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\e7e8991e9dfce879c22b2647edb72287\CustomMarshalers.ni.dll
+ 2012-06-15 15:45 . 2012-06-15 15:45 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\bad60d21de09740f3c2a498fa4aaa7b0\ComSvcConfig.ni.exe
+ 2012-06-15 15:45 . 2012-06-15 15:45 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\a7fd2038556fca7f411cf6f0a62c1671\BDATunePIA.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2aac794e7890acc1a1430e065e16b31a\WsatConfig.ni.exe
+ 2012-06-15 15:46 . 2012-06-15 15:46 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\b4339d59d892015b9b85f45da5405968\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e040c9e32d2b6ec6aab2e0d55df8642a\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cab30ee882d32c6359c5e71f91115674\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf812087547b87d15f5d962567c19ed5\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a1ad92ba10cdf2f2fc8657a0d8effa7d\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9fd83508417a1fbcaecbd9bc4517cf87\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\94b811060d696946b20fd357b734ee53\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\942ea781fbd96d72372935eec35ef967\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8382b11f7b421755b4cf07b344e761b1\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\82551e9a5e56cfa84841fdc6131cc807\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6b2fbf2e97edff13c87a1d542aec6190\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\58895e1ec530c5a0b4d304c071ea9608\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\54289c8fe09f12d1257a647b73237956\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4301a860eb28265f4e4181ff0b238f31\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\16b217f8f1a2694db53b5acda8231485\WindowsLive.Writer.Passport.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f0ac77d1901c796f6fb7cd1335ba4d9\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-15 15:46 . 2012-06-15 15:46 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\7cea701bfe1a6fbc1e1b0d09a690f873\WindowsLive.Client.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
+ 2012-06-15 15:44 . 2012-06-15 15:44 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5e398c245811fe932ce6bcf68664e307\UIAutomationTypes.ni.dll
+ 2012-06-15 15:47 . 2012-06-15 15:47 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\42378a09ba2a003848de7d2cfeb1c56a\UIAutomationClient.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\58b6523c5167dd748a679e8a46330c32\TaskScheduler.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\496033ebd93c3381e4ba09486bf23cc3\System.Xml.Linq.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e8583c3f80cd2a94f552a64b4953dde2\System.Web.Routing.ni.dll
+ 2012-06-15 15:45 . 2012-06-15 15:45 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\e6a25bb61babf2ad6d6fa3256a2ea41a\System.Web.RegularExpressions.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\394765924d5b924fe87103c943abc69c\System.Web.Extensions.Design.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4b72a66912627a66c65ebc8ce8d82e91\System.Web.Entity.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\973d534cb631a5c9c7ea74842056332d\System.Web.Entity.Design.ni.dll
+ 2012-06-15 15:48 . 2012-06-15 15:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c80448d686095317e9019f48572b03e0\System.Web.DynamicData.ni.dll
+ 2012-06-15 08:27 . 2012-01-04 02:51 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-15 08:27 . 2012-03-21 22:29 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-15 08:25 . 2011-12-26 19:13 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-07-13 21:10 . 2009-06-10 21:14 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-15 08:25 . 2012-03-21 22:29 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-15 08:27 . 2012-04-06 00:49 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2009-07-14 00:35 . 2009-06-10 21:14 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-15 08:25 . 2011-12-26 19:08 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-15 08:27 . 2012-04-06 00:45 2255952 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
+ 2012-06-15 08:27 . 2012-04-06 00:45 3997696 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-07-13 20:37 . 2009-06-10 20:39 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-15 08:27 . 2012-01-04 02:48 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-15 08:25 . 2011-12-26 19:13 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-15 08:27 . 2012-04-06 00:49 1737296 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
- 2009-07-14 00:35 . 2009-06-10 21:14 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-15 08:27 . 2012-04-06 00:49 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-15 08:27 . 2012-01-04 02:51 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-08-02 01:44 . 2009-08-29 06:54 12625408 c:\windows\SysWOW64\wmploc.DLL
+ 2012-06-15 08:24 . 2010-09-01 04:23 12625408 c:\windows\SysWOW64\wmploc.DLL
+ 2012-06-15 08:24 . 2010-09-01 04:29 11406848 c:\windows\SysWOW64\wmp.dll
+ 2012-06-15 08:26 . 2010-07-27 14:03 12867584 c:\windows\SysWOW64\shell32.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 12314624 c:\windows\SysWOW64\mshtml.dll
+ 2012-06-15 08:24 . 2010-09-01 05:12 12625920 c:\windows\system32\wmploc.DLL
- 2010-08-02 01:44 . 2009-08-29 07:45 12625920 c:\windows\system32\wmploc.DLL
+ 2012-06-15 08:24 . 2010-09-01 05:21 14627840 c:\windows\system32\wmp.dll
+ 2009-07-14 02:34 . 2012-06-15 15:52 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-06-15 08:26 . 2010-07-27 14:59 14162944 c:\windows\system32\shell32.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 17807360 c:\windows\system32\mshtml.dll
+ 2012-06-15 14:42 . 2012-06-15 14:42 10924032 c:\windows\system32\ieframe.dll
+ 2012-06-15 08:27 . 2012-01-04 02:48 10005264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2012-06-15 14:23 . 2012-06-15 14:23 20343808 c:\windows\Installer\ee662c.msp
+ 2012-06-15 15:40 . 2012-06-15 15:40 10605056 c:\windows\assembly\NativeImages_v2.0.50727_64\System\6ec488b702c100ad5d3e712db0e88554\System.ni.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 17382912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\ced1d3b0790804426463ad06a61f180e\System.Windows.Forms.ni.dll
+ 2012-06-15 15:41 . 2012-06-15 15:41 15252992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\f6514b690596d60ca9f4fa64e14a8355\System.Web.ni.dll
+ 2012-06-15 15:45 . 2012-06-15 15:45 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\de361406af8223de5eaa109782ea8272\System.ServiceModel.ni.dll
+ 2012-06-15 15:50 . 2012-06-15 15:50 11898880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e8015a653e9913ada402b8361ced3d7e\System.Management.Automation.ni.dll
+ 2012-06-15 15:41 . 2012-06-15 15:41 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\dfb7152260d641e49ec1ecf0f2df0f37\System.Design.ni.dll
+ 2012-06-15 15:43 . 2012-06-15 15:43 19173376 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\916af5e5c39e1226e0b87a80e3a979f2\PresentationFramework.ni.dll
+ 2012-06-15 15:42 . 2012-06-15 15:42 16517120 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\ea90a194614680a484a25b6ccc4df754\PresentationCore.ni.dll
+ 2012-06-15 15:40 . 2012-06-15 15:40 15568896 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a7b48ad2929bc93362ec42cd4573f87\mscorlib.ni.dll
+ 2012-06-15 15:49 . 2012-06-15 15:49 25462272 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\f0269fca7328d35e580371a10527634e\ehshell.ni.dll
+ 2012-06-15 15:44 . 2012-06-15 15:44 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
+ 2012-06-15 15:45 . 2012-06-15 15:45 11824128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
+ 2012-06-15 15:47 . 2012-06-15 15:47 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll
+ 2012-06-15 15:45 . 2012-06-15 15:45 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\1321319c8922886e520d2821b5a64dca\System.Design.ni.dll
+ 2012-06-15 15:44 . 2012-06-15 15:44 14325760 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
+ 2012-06-15 15:44 . 2012-06-15 15:44 12218880 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
+ 2012-06-15 15:43 . 2012-06-15 15:43 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 10:42]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675067982-3295729358-1155118055-1000Core.job
- c:\users\grizzard\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 06:22]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675067982-3295729358-1155118055-1000UA.job
- c:\users\grizzard\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 06:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
FF - ProfilePath - c:\users\grizzard\AppData\Roaming\Mozilla\Firefox\Profiles\kqd3l37a.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Completion time: 2012-06-15 13:50:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 18:50
ComboFix2.txt 2012-06-15 08:09
ComboFix3.txt 2012-06-15 07:13
.
Pre-Run: 211,667,656,704 bytes free
Post-Run: 211,332,456,448 bytes free
.
- - End Of File - - EE8FF8B34821A7357E50F89539998DBE

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That indicates a driver. Although you posted the Combofix log, not the OTL one.

Let's try a clean boot to see if it is a driver conflict.

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.


Now we get to the tedious part:

If Windows behaves itself then do the following:

Restart MSConfig and select half of the disabled services and reboot.

Is the problem still present?

If yes, then deselect half of the services that you resumed and reboot.

If no, then select half of the remaining services and reboot.

The intention here is to isolate the one service/driver that is causing the problem.
  • 0
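The halving procedure from the post above, as an added example that is not part of the original thread: it parses service/driver lines in the format of the ComboFix log and simulates the enable-half, reboot, check loop. The `problem_present` callback stands in for a manual reboot and check; the single-culprit assumption and the function names are assumptions of this sketch.

```python
import re

# Lines copied from the service/driver section of the ComboFix log above.
SAMPLE_LOG = r"""
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
"""

# "<code> <name>;<display name>;<path> [<date size> or x]"
# The leading code (R3, S2, ...) is kept as written and not interpreted here.
ENTRY = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")


def parse_entries(log_text):
    """Return (code, name, display_name, path) for each service/driver line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.group(1, 2, 3, 4))
    return entries


def isolate(names, problem_present):
    """Bisect `names` for the one entry that triggers the problem.

    problem_present(enabled) models one reboot with the set `enabled`
    switched on and everything else in `names` disabled.
    Returns (culprit or None, number of reboots used).
    """
    reboots = 1
    if problem_present(set()):
        # Clean boot still misbehaves: the cause is not among these entries.
        return None, reboots
    enabled = set()            # entries already shown to be harmless
    candidates = list(names)   # entries not yet cleared
    seen_failure = False
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        reboots += 1
        if problem_present(enabled | set(half)):
            seen_failure = True
            candidates = half                      # culprit is in the half just resumed
        else:
            enabled |= set(half)                   # that half is fine, leave it on
            candidates = candidates[len(half):]    # look in the remainder
    if not candidates:
        return None, reboots
    if not seen_failure:
        # The last candidate was never switched on; confirm it directly.
        reboots += 1
        if not problem_present(enabled | {candidates[0]}):
            return None, reboots
    return candidates[0], reboots


if __name__ == "__main__":
    names = [e[1] for e in parse_entries(SAMPLE_LOG)]
    # Arbitrary pick for the simulation, not a finding about this machine.
    print(isolate(names, lambda enabled: "PGEffect" in enabled))
```

With six entries the loop needs four or five reboots instead of one per service, which is why the post halves the list each time.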