Solved: Avast keeps detecting threats, google redirects

mjplus7 · 14-Jul-2012, 10:10 PM #1

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:13 PM, on 7/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Remote Mouse\server\server.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Family\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: WhiteSmoke Bar Toolbar - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WhiteSmoke Bar - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: ooVoo Toolbar - {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ooVoo Toolbar - {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: WhiteSmoke Bar Toolbar - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Norton] rundll32.exe C:\Users\Family\AppData\Local\Norton\zspzngfu.dll,DEC_Init
O4 - HKCU\..\Run: [Adobe] rundll32.exe "C:\Users\Family\AppData\Local\AIM\Adobe\knywun.dll",CreateInstance
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -update activex
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: WhiteSmoke Updater Service (UpdaterService) - Unknown owner - C:\ProgramData\UpdaterService\wsupdsvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18092 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Family at 21:54:20 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1569 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\UpdaterService\wsupdsvc.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\ProgramData\UpdaterService\wsupdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Remote Mouse\server\server.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: ooVoo Toolbar: {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ooVoo Toolbar: {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe /minimized
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Facebook Update] "C:\Users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Norton] rundll32.exe C:\Users\Family\AppData\Local\Norton\zspzngfu.dll,DEC_Init
uRun: [Adobe] rundll32.exe "C:\Users\Family\AppData\Local\AIM\Adobe\knywun.dll",CreateInstance
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -update activex
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Family\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 167.206.245.130 167.206.245.129
TCP: Interfaces\{6352B4A1-6618-4A5C-A078-C0AAD8B05A82} : DhcpNameServer = 192.168.2.1 167.206.245.130 167.206.245.129
TCP: Interfaces\{6352B4A1-6618-4A5C-A078-C0AAD8B05A82}\0443030335F614675632 : DhcpNameServer = 10.110.0.10 10.5.0.10
TCP: Interfaces\{6352B4A1-6618-4A5C-A078-C0AAD8B05A82}\4696375616375637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6352B4A1-6618-4A5C-A078-C0AAD8B05A82}\4696375616375637D27657563747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6352B4A1-6618-4A5C-A078-C0AAD8B05A82}\75C414E4 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO-X64: WhiteSmoke Bar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: ooVoo Toolbar: {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
BHO-X64: ooVoo Toolbar - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: ooVoo Toolbar: {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files (x86)\oovootoolbar\vmntemplateX.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-5-22 44768]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 UpdaterService;WhiteSmoke Updater Service;C:\ProgramData\UpdaterService\wsupdsvc.exe [2012-4-29 549744]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-1-24 109064]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 227896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-18 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-18 135664]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 22:00:37.99 ===============

mjplus7 · 15-Jul-2012, 09:58 AM #2

Avast keeps detecting threats to windows 32 and a norton folder and I never had norton's, the folder is small with one dll file in it. Any help would be appreciated. Also I think my windows is 64 bit

mjplus7 · 16-Jul-2012, 09:50 AM #3

Bump

Conspire · 16-Jul-2012, 01:03 PM #4

Hello there, mjplus7

Welcome to TSG

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:

Read the entire procedure
It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

Also note that I will not respond to this thread if I don't receive your reply for 5 days.

Do you still need help with this?

---------------------------------------------------------------------------------------------------

mjplus7 · 16-Jul-2012, 04:38 PM #5

Yes I still need help. Thank you.

Conspire · 16-Jul-2012, 11:35 PM #6

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Allow it to update where necessary
Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
TDSS Killer log

Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

mjplus7 · 17-Jul-2012, 12:04 AM #7

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 23:46:34
-----------------------------
23:46:34.688 OS Version: Windows x64 6.1.7601 Service Pack 1
23:46:34.688 Number of processors: 2 586 0x170A
23:46:34.688 ComputerName: FAMILY-PC UserName: Family
23:46:37.462 Initialize success
23:46:41.441 AVAST engine defs: 12071601
23:46:53.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:46:53.609 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40J Size: 305245MB BusType: 11
23:46:53.640 Disk 0 MBR read successfully
23:46:53.640 Disk 0 MBR scan
23:46:53.655 Disk 0 unknown MBR code
23:46:53.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:46:53.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292890 MB offset 409600
23:46:53.702 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 600248320
23:46:53.749 Disk 0 scanning C:\Windows\system32\drivers
23:47:08.789 Service scanning
23:47:37.153 Modules scanning
23:47:37.163 Disk 0 trace - called modules:
23:47:37.193 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:47:37.543 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031a2060]
23:47:37.553 3 CLASSPNP.SYS[fffff8800112843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ed5060]
23:47:38.468 AVAST engine scan C:\Windows
23:47:41.791 AVAST engine scan C:\Windows\system32
23:49:34.211 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:49:36.928 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:50:31.967 AVAST engine scan C:\Windows\system32\drivers
23:50:47.894 AVAST engine scan C:\Users\Family
23:53:38.988 Disk 0 MBR has been saved successfully to "C:\Users\Family\Desktop\MBR.dat"
23:53:39.008 The log file has been saved successfully to "C:\Users\Family\Desktop\aswMBR.txt"

23:56:16.0235 5896 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:56:16.0505 5896 ============================================================
23:56:16.0505 5896 Current date / time: 2012/07/16 23:56:16.0505
23:56:16.0505 5896 SystemInfo:
23:56:16.0505 5896
23:56:16.0505 5896 OS Version: 6.1.7601 ServicePack: 1.0
23:56:16.0505 5896 Product type: Workstation
23:56:16.0505 5896 ComputerName: FAMILY-PC
23:56:16.0505 5896 UserName: Family
23:56:16.0505 5896 Windows directory: C:\Windows
23:56:16.0505 5896 System windows directory: C:\Windows
23:56:16.0505 5896 Running under WOW64
23:56:16.0505 5896 Processor architecture: Intel x64
23:56:16.0505 5896 Number of processors: 2
23:56:16.0505 5896 Page size: 0x1000
23:56:16.0505 5896 Boot type: Normal boot
23:56:16.0505 5896 ============================================================
23:56:18.0419 5896 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x13135, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000040
23:56:18.0466 5896 ============================================================
23:56:18.0466 5896 \Device\Harddisk0\DR0:
23:56:18.0466 5896 MBR partitions:
23:56:18.0466 5896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:56:18.0466 5896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23C0D000
23:56:18.0466 5896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C71000, BlocksNum 0x17BD000
23:56:18.0466 5896 ============================================================
23:56:18.0482 5896 C: <-> \Device\Harddisk0\DR0\Partition1
23:56:18.0529 5896 D: <-> \Device\Harddisk0\DR0\Partition2
23:56:18.0529 5896 ============================================================
23:56:18.0529 5896 Initialize success
23:56:18.0529 5896 ============================================================
23:56:24.0082 9096 ============================================================
23:56:24.0082 9096 Scan started
23:56:24.0082 9096 Mode: Manual;
23:56:24.0082 9096 ============================================================
23:56:25.0471 9096 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:56:25.0486 9096 1394ohci - ok
23:56:25.0549 9096 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:56:25.0564 9096 ACPI - ok
23:56:25.0595 9096 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:56:25.0611 9096 AcpiPmi - ok
23:56:25.0751 9096 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
23:56:25.0751 9096 AdobeActiveFileMonitor7.0 - ok
23:56:25.0923 9096 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:56:25.0939 9096 AdobeFlashPlayerUpdateSvc - ok
23:56:26.0032 9096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:56:26.0032 9096 adp94xx - ok
23:56:26.0110 9096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:56:26.0110 9096 adpahci - ok
23:56:26.0141 9096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:56:26.0141 9096 adpu320 - ok
23:56:26.0188 9096 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:56:26.0188 9096 AeLookupSvc - ok
23:56:26.0282 9096 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:56:26.0282 9096 AFD - ok
23:56:26.0329 9096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:56:26.0344 9096 agp440 - ok
23:56:26.0360 9096 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:56:26.0360 9096 ALG - ok
23:56:26.0391 9096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:56:26.0391 9096 aliide - ok
23:56:26.0422 9096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:56:26.0422 9096 amdide - ok
23:56:26.0485 9096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:56:26.0485 9096 AmdK8 - ok
23:56:26.0516 9096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:56:26.0516 9096 AmdPPM - ok
23:56:26.0578 9096 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:56:26.0578 9096 amdsata - ok
23:56:26.0609 9096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:56:26.0625 9096 amdsbs - ok
23:56:26.0641 9096 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:56:26.0641 9096 amdxata - ok
23:56:26.0719 9096 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:56:26.0719 9096 AppID - ok
23:56:26.0750 9096 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:56:26.0750 9096 AppIDSvc - ok
23:56:26.0797 9096 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:56:26.0797 9096 Appinfo - ok
23:56:26.0953 9096 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:56:26.0953 9096 Apple Mobile Device - ok
23:56:27.0015 9096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:56:27.0015 9096 arc - ok
23:56:27.0031 9096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:56:27.0031 9096 arcsas - ok
23:56:27.0109 9096 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
23:56:27.0109 9096 aswFsBlk - ok
23:56:27.0218 9096 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
23:56:27.0218 9096 aswMonFlt - ok
23:56:27.0327 9096 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
23:56:27.0327 9096 aswRdr - ok
23:56:27.0499 9096 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
23:56:27.0514 9096 aswSnx - ok
23:56:27.0577 9096 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
23:56:27.0592 9096 aswSP - ok
23:56:27.0655 9096 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
23:56:27.0655 9096 aswTdi - ok
23:56:27.0701 9096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:56:27.0701 9096 AsyncMac - ok
23:56:27.0733 9096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:56:27.0748 9096 atapi - ok
23:56:27.0967 9096 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
23:56:27.0998 9096 athr - ok
23:56:28.0216 9096 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:56:28.0232 9096 AudioEndpointBuilder - ok
23:56:28.0247 9096 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:56:28.0247 9096 AudioSrv - ok
23:56:28.0357 9096 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:56:28.0357 9096 avast! Antivirus - ok
23:56:28.0419 9096 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:56:28.0419 9096 AxInstSV - ok
23:56:28.0528 9096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:56:28.0528 9096 b06bdrv - ok
23:56:28.0606 9096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:56:28.0606 9096 b57nd60a - ok
23:56:28.0949 9096 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:56:28.0949 9096 BBSvc - ok
23:56:29.0012 9096 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:56:29.0012 9096 BBUpdate - ok
23:56:29.0074 9096 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:56:29.0074 9096 BDESVC - ok
23:56:29.0121 9096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:56:29.0121 9096 Beep - ok
23:56:29.0230 9096 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:56:29.0261 9096 BITS - ok
23:56:29.0324 9096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:56:29.0324 9096 blbdrive - ok
23:56:29.0449 9096 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:56:29.0464 9096 Bonjour Service - ok
23:56:29.0527 9096 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:56:29.0527 9096 bowser - ok
23:56:29.0573 9096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:56:29.0573 9096 BrFiltLo - ok
23:56:29.0589 9096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:56:29.0589 9096 BrFiltUp - ok
23:56:29.0636 9096 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:56:29.0636 9096 Browser - ok
23:56:29.0683 9096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:56:29.0698 9096 Brserid - ok
23:56:29.0714 9096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:56:29.0714 9096 BrSerWdm - ok
23:56:29.0739 9096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:56:29.0739 9096 BrUsbMdm - ok
23:56:29.0759 9096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:56:29.0759 9096 BrUsbSer - ok
23:56:29.0809 9096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:56:29.0809 9096 BTHMODEM - ok
23:56:29.0879 9096 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:56:29.0879 9096 bthserv - ok
23:56:30.0059 9096 btwdins (e090e9f1a10ab395b138357f2c600082) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
23:56:30.0079 9096 btwdins - ok
23:56:30.0149 9096 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
23:56:30.0159 9096 CAXHWAZL - ok
23:56:30.0219 9096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:56:30.0229 9096 cdfs - ok
23:56:30.0289 9096 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:56:30.0289 9096 cdrom - ok
23:56:30.0349 9096 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:56:30.0359 9096 CertPropSvc - ok
23:56:30.0419 9096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:56:30.0419 9096 circlass - ok
23:56:30.0479 9096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:56:30.0479 9096 CLFS - ok
23:56:30.0569 9096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:56:30.0569 9096 clr_optimization_v2.0.50727_32 - ok
23:56:30.0619 9096 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:56:30.0619 9096 clr_optimization_v2.0.50727_64 - ok
23:56:30.0739 9096 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:56:30.0759 9096 clr_optimization_v4.0.30319_32 - ok
23:56:30.0819 9096 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:56:30.0819 9096 clr_optimization_v4.0.30319_64 - ok
23:56:30.0879 9096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:56:30.0879 9096 CmBatt - ok
23:56:30.0919 9096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:56:30.0919 9096 cmdide - ok
23:56:30.0979 9096 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:56:30.0989 9096 CNG - ok
23:56:31.0089 9096 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys
23:56:31.0099 9096 CnxtHdAudService - ok
23:56:31.0279 9096 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:56:31.0289 9096 Com4QLBEx - ok
23:56:31.0359 9096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:56:31.0359 9096 Compbatt - ok
23:56:31.0409 9096 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:56:31.0409 9096 CompositeBus - ok
23:56:31.0429 9096 COMSysApp - ok
23:56:31.0489 9096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:56:31.0489 9096 crcdisk - ok
23:56:31.0559 9096 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:56:31.0569 9096 CryptSvc - ok
23:56:31.0649 9096 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:56:31.0669 9096 DcomLaunch - ok
23:56:31.0749 9096 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:56:31.0749 9096 defragsvc - ok
23:56:31.0821 9096 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:56:31.0836 9096 DfsC - ok
23:56:31.0899 9096 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:56:31.0914 9096 Dhcp - ok
23:56:31.0930 9096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:56:31.0930 9096 discache - ok
23:56:31.0992 9096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:56:31.0992 9096 Disk - ok
23:56:32.0055 9096 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:56:32.0055 9096 Dnscache - ok
23:56:32.0101 9096 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:56:32.0117 9096 dot3svc - ok
23:56:32.0164 9096 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:56:32.0164 9096 DPS - ok
23:56:32.0226 9096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:56:32.0226 9096 drmkaud - ok
23:56:32.0335 9096 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:56:32.0351 9096 DXGKrnl - ok
23:56:32.0413 9096 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:56:32.0429 9096 EapHost - ok
23:56:32.0663 9096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:56:32.0725 9096 ebdrv - ok
23:56:32.0850 9096 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:56:32.0866 9096 EFS - ok
23:56:32.0975 9096 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:56:32.0991 9096 ehRecvr - ok
23:56:33.0053 9096 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:56:33.0053 9096 ehSched - ok
23:56:33.0162 9096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:56:33.0178 9096 elxstor - ok
23:56:33.0209 9096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:56:33.0209 9096 ErrDev - ok
23:56:33.0303 9096 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:56:33.0318 9096 EventSystem - ok
23:56:33.0365 9096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:56:33.0365 9096 exfat - ok
23:56:33.0381 9096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:56:33.0396 9096 fastfat - ok
23:56:33.0505 9096 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:56:33.0521 9096 Fax - ok
23:56:33.0552 9096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:56:33.0552 9096 fdc - ok
23:56:33.0583 9096 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:56:33.0583 9096 fdPHost - ok
23:56:33.0599 9096 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:56:33.0599 9096 FDResPub - ok
23:56:33.0630 9096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:56:33.0630 9096 FileInfo - ok
23:56:33.0646 9096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:56:33.0661 9096 Filetrace - ok
23:56:33.0817 9096 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:56:33.0833 9096 FLEXnet Licensing Service - ok
23:56:33.0849 9096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:56:33.0864 9096 flpydisk - ok
23:56:33.0911 9096 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:56:33.0911 9096 FltMgr - ok
23:56:34.0239 9096 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:56:34.0254 9096 FontCache - ok
23:56:34.0348 9096 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:56:34.0348 9096 FontCache3.0.0.0 - ok
23:56:34.0395 9096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:56:34.0395 9096 FsDepends - ok
23:56:34.0441 9096 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:56:34.0441 9096 Fs_Rec - ok
23:56:34.0504 9096 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:56:34.0519 9096 fvevol - ok
23:56:34.0566 9096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:56:34.0566 9096 gagp30kx - ok
23:56:34.0691 9096 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:56:34.0691 9096 GameConsoleService - ok
23:56:34.0753 9096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:56:34.0753 9096 GEARAspiWDM - ok
23:56:34.0847 9096 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:56:34.0863 9096 gpsvc - ok
23:56:35.0003 9096 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:56:35.0003 9096 gupdate - ok
23:56:35.0050 9096 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:56:35.0050 9096 gupdatem - ok
23:56:35.0097 9096 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:56:35.0097 9096 gusvc - ok
23:56:35.0128 9096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:56:35.0128 9096 hcw85cir - ok
23:56:35.0221 9096 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:56:35.0237 9096 HdAudAddService - ok
23:56:35.0284 9096 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:56:35.0284 9096 HDAudBus - ok
23:56:35.0331 9096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:56:35.0331 9096 HidBatt - ok
23:56:35.0377 9096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:56:35.0393 9096 HidBth - ok
23:56:35.0409 9096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:56:35.0409 9096 HidIr - ok
23:56:35.0455 9096 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:56:35.0455 9096 hidserv - ok
23:56:35.0518 9096 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:56:35.0518 9096 HidUsb - ok
23:56:35.0565 9096 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:56:35.0580 9096 hkmsvc - ok
23:56:35.0627 9096 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:56:35.0643 9096 HomeGroupListener - ok
23:56:35.0705 9096 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:56:35.0705 9096 HomeGroupProvider - ok
23:56:35.0861 9096 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:56:35.0877 9096 HP Support Assistant Service - ok
23:56:35.0955 9096 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:56:35.0955 9096 HPDrvMntSvc.exe - ok
23:56:36.0001 9096 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23:56:36.0017 9096 HpqKbFiltr - ok
23:56:36.0111 9096 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:56:36.0126 9096 hpqwmiex - ok
23:56:36.0204 9096 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:56:36.0204 9096 HpSAMD - ok
23:56:36.0329 9096 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
23:56:36.0345 9096 HsfXAudioService - ok
23:56:36.0501 9096 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
23:56:36.0516 9096 HSF_DPV - ok
23:56:36.0719 9096 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:56:36.0735 9096 HTTP - ok
23:56:36.0781 9096 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:56:36.0781 9096 hwpolicy - ok
23:56:36.0828 9096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:56:36.0828 9096 i8042prt - ok
23:56:36.0906 9096 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:56:36.0906 9096 iaStorV - ok
23:56:37.0031 9096 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:56:37.0047 9096 idsvc - ok
23:56:37.0889 9096 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:56:38.0170 9096 igfx - ok
23:56:38.0341 9096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:56:38.0341 9096 iirsp - ok
23:56:38.0451 9096 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:56:38.0466 9096 IKEEXT - ok
23:56:38.0544 9096 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
23:56:38.0544 9096 IntcHdmiAddService - ok
23:56:38.0575 9096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:56:38.0575 9096 intelide - ok
23:56:38.0638 9096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:56:38.0638 9096 intelppm - ok
23:56:38.0700 9096 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:56:38.0700 9096 IPBusEnum - ok
23:56:38.0747 9096 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:56:38.0747 9096 IpFilterDriver - ok
23:56:38.0778 9096 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:56:38.0778 9096 IPMIDRV - ok
23:56:38.0841 9096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:56:38.0841 9096 IPNAT - ok
23:56:38.0966 9096 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:56:38.0981 9096 iPod Service - ok
23:56:39.0012 9096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:56:39.0012 9096 IRENUM - ok
23:56:39.0059 9096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:56:39.0059 9096 isapnp - ok
23:56:39.0106 9096 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:56:39.0122 9096 iScsiPrt - ok
23:56:39.0215 9096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:56:39.0215 9096 kbdclass - ok
23:56:39.0278 9096 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:56:39.0278 9096 kbdhid - ok
23:56:39.0309 9096 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:56:39.0309 9096 KeyIso - ok
23:56:39.0371 9096 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:56:39.0371 9096 KSecDD - ok
23:56:39.0434 9096 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:56:39.0434 9096 KSecPkg - ok
23:56:39.0449 9096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:56:39.0449 9096 ksthunk - ok
23:56:39.0527 9096 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:56:39.0527 9096 KtmRm - ok
23:56:39.0605 9096 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:56:39.0621 9096 LanmanServer - ok
23:56:39.0668 9096 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:56:39.0668 9096 LanmanWorkstation - ok
23:56:39.0808 9096 LightScribeService (3503f257b3203f824b1567238ebe17e2) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:56:39.0808 9096 LightScribeService - ok
23:56:39.0870 9096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:56:39.0870 9096 lltdio - ok
23:56:39.0948 9096 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:56:39.0964 9096 lltdsvc - ok
23:56:39.0980 9096 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:56:39.0980 9096 lmhosts - ok
23:56:40.0042 9096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:56:40.0042 9096 LSI_FC - ok
23:56:40.0074 9096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:56:40.0074 9096 LSI_SAS - ok
23:56:40.0105 9096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:56:40.0105 9096 LSI_SAS2 - ok
23:56:40.0137 9096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:56:40.0137 9096 LSI_SCSI - ok
23:56:40.0199 9096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:56:40.0199 9096 luafv - ok
23:56:40.0277 9096 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:56:40.0277 9096 Mcx2Svc - ok
23:56:40.0324 9096 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:56:40.0324 9096 mdmxsdk - ok
23:56:40.0355 9096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:56:40.0355 9096 megasas - ok
23:56:40.0402 9096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:56:40.0417 9096 MegaSR - ok
23:56:40.0449 9096 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:56:40.0449 9096 MMCSS - ok
23:56:40.0480 9096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:56:40.0480 9096 Modem - ok
23:56:40.0527 9096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:56:40.0527 9096 monitor - ok
23:56:40.0605 9096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:56:40.0605 9096 mouclass - ok
23:56:40.0698 9096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:56:40.0698 9096 mouhid - ok
23:56:40.0745 9096 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:56:40.0745 9096 mountmgr - ok
23:56:40.0792 9096 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:56:40.0792 9096 mpio - ok
23:56:40.0823 9096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:56:40.0823 9096 mpsdrv - ok
23:56:40.0870 9096 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:56:40.0870 9096 MRxDAV - ok
23:56:40.0917 9096 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:56:40.0932 9096 mrxsmb - ok
23:56:40.0979 9096 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:56:40.0979 9096 mrxsmb10 - ok
23:56:41.0010 9096 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:56:41.0010 9096 mrxsmb20 - ok
23:56:41.0057 9096 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:56:41.0057 9096 msahci - ok
23:56:41.0104 9096 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:56:41.0104 9096 msdsm - ok
23:56:41.0135 9096 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:56:41.0151 9096 MSDTC - ok
23:56:41.0197 9096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:56:41.0213 9096 Msfs - ok
23:56:41.0213 9096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:56:41.0213 9096 mshidkmdf - ok
23:56:41.0229 9096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:56:41.0229 9096 msisadrv - ok
23:56:41.0307 9096 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:56:41.0307 9096 MSiSCSI - ok
23:56:41.0307 9096 msiserver - ok
23:56:41.0338 9096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:56:41.0338 9096 MSKSSRV - ok
23:56:41.0353 9096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:56:41.0353 9096 MSPCLOCK - ok
23:56:41.0369 9096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:56:41.0385 9096 MSPQM - ok
23:56:41.0447 9096 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:56:41.0447 9096 MsRPC - ok
23:56:41.0494 9096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:56:41.0494 9096 mssmbios - ok
23:56:41.0525 9096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:56:41.0525 9096 MSTEE - ok
23:56:41.0541 9096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:56:41.0541 9096 MTConfig - ok
23:56:41.0572 9096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:56:41.0572 9096 Mup - ok
23:56:41.0634 9096 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:56:41.0650 9096 napagent - ok
23:56:41.0728 9096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:56:41.0743 9096 NativeWifiP - ok
23:56:41.0837 9096 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:56:41.0853 9096 NDIS - ok
23:56:41.0868 9096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:56:41.0868 9096 NdisCap - ok
23:56:41.0915 9096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:56:41.0915 9096 NdisTapi - ok
23:56:41.0977 9096 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:56:41.0977 9096 Ndisuio - ok
23:56:42.0024 9096 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:56:42.0024 9096 NdisWan - ok
23:56:42.0071 9096 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:56:42.0071 9096 NDProxy - ok
23:56:42.0133 9096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:56:42.0133 9096 NetBIOS - ok
23:56:42.0180 9096 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:56:42.0196 9096 NetBT - ok
23:56:42.0227 9096 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:56:42.0243 9096 Netlogon - ok
23:56:42.0321 9096 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:56:42.0336 9096 Netman - ok
23:56:42.0367 9096 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:56:42.0383 9096 netprofm - ok
23:56:42.0461 9096 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:56:42.0461 9096 NetTcpPortSharing - ok
23:56:42.0882 9096 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:56:42.0976 9096 netw5v64 - ok
23:56:43.0147 9096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:56:43.0147 9096 nfrd960 - ok
23:56:43.0225 9096 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:56:43.0225 9096 NlaSvc - ok
23:56:43.0303 9096 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
23:56:43.0303 9096 NPF - ok
23:56:43.0335 9096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:56:43.0350 9096 Npfs - ok
23:56:43.0366 9096 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:56:43.0381 9096 nsi - ok
23:56:43.0397 9096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:56:43.0397 9096 nsiproxy - ok
23:56:43.0553 9096 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:56:43.0584 9096 Ntfs - ok
23:56:43.0725 9096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:56:43.0725 9096 Null - ok
23:56:43.0771 9096 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:56:43.0771 9096 nvraid - ok
23:56:43.0803 9096 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:56:43.0803 9096 nvstor - ok
23:56:43.0865 9096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:56:43.0881 9096 nv_agp - ok
23:56:44.0037 9096 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:56:44.0037 9096 odserv - ok
23:56:44.0083 9096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:56:44.0083 9096 ohci1394 - ok
23:56:44.0161 9096 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:56:44.0161 9096 ose - ok
23:56:44.0224 9096 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:56:44.0224 9096 p2pimsvc - ok
23:56:44.0271 9096 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:56:44.0286 9096 p2psvc - ok
23:56:44.0333 9096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:56:44.0333 9096 Parport - ok
23:56:44.0364 9096 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:56:44.0364 9096 partmgr - ok
23:56:44.0395 9096 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:56:44.0411 9096 PcaSvc - ok
23:56:44.0458 9096 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:56:44.0473 9096 pci - ok
23:56:44.0473 9096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:56:44.0489 9096 pciide - ok
23:56:44.0520 9096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:56:44.0536 9096 pcmcia - ok
23:56:44.0567 9096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:56:44.0567 9096 pcw - ok
23:56:44.0629 9096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:56:44.0645 9096 PEAUTH - ok
23:56:44.0739 9096 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:56:44.0739 9096 PerfHost - ok
23:56:44.0941 9096 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:56:44.0973 9096 pla - ok
23:56:45.0175 9096 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:56:45.0191 9096 PlugPlay - ok
23:56:45.0222 9096 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:56:45.0222 9096 PNRPAutoReg - ok
23:56:45.0269 9096 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:56:45.0269 9096 PNRPsvc - ok
23:56:45.0347 9096 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:56:45.0347 9096 PolicyAgent - ok
23:56:45.0394 9096 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:56:45.0409 9096 Power - ok
23:56:45.0503 9096 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:56:45.0519 9096 PptpMiniport - ok
23:56:45.0550 9096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:56:45.0550 9096 Processor - ok
23:56:45.0597 9096 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:56:45.0612 9096 ProfSvc - ok
23:56:45.0628 9096 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:56:45.0643 9096 ProtectedStorage - ok
23:56:45.0706 9096 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:56:45.0706 9096 Psched - ok
23:56:45.0784 9096 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:56:45.0784 9096 PxHlpa64 - ok
23:56:45.0909 9096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:56:45.0940 9096 ql2300 - ok
23:56:46.0080 9096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:56:46.0096 9096 ql40xx - ok
23:56:46.0143 9096 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:56:46.0143 9096 QWAVE - ok
23:56:46.0174 9096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:56:46.0174 9096 QWAVEdrv - ok
23:56:46.0189 9096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:56:46.0189 9096 RasAcd - ok
23:56:46.0236 9096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:56:46.0252 9096 RasAgileVpn - ok
23:56:46.0267 9096 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:56:46.0283 9096 RasAuto - ok
23:56:46.0314 9096 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:56:46.0330 9096 Rasl2tp - ok
23:56:46.0392 9096 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:56:46.0392 9096 RasMan - ok
23:56:46.0408 9096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:56:46.0423 9096 RasPppoe - ok
23:56:46.0439 9096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:56:46.0439 9096 RasSstp - ok
23:56:46.0501 9096 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
23:56:46.0501 9096 rcmirror - ok
23:56:46.0533 9096 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:56:46.0548 9096 rdbss - ok
23:56:46.0564 9096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:56:46.0579 9096 rdpbus - ok
23:56:46.0611 9096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:56:46.0611 9096 RDPCDD - ok
23:56:46.0642 9096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:56:46.0657 9096 RDPENCDD - ok
23:56:46.0673 9096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:56:46.0673 9096 RDPREFMP - ok
23:56:46.0720 9096 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:56:46.0720 9096 RDPWD - ok
23:56:46.0798 9096 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:56:46.0798 9096 rdyboost - ok
23:56:46.0860 9096 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:56:46.0860 9096 RemoteAccess - ok
23:56:46.0907 9096 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:56:46.0923 9096 RemoteRegistry - ok
23:56:47.0047 9096 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:56:47.0047 9096 RichVideo - ok
23:56:47.0125 9096 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
23:56:47.0141 9096 rpcapd - ok
23:56:47.0172 9096 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:56:47.0188 9096 RpcEptMapper - ok
23:56:47.0203 9096 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:56:47.0219 9096 RpcLocator - ok
23:56:47.0297 9096 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:56:47.0313 9096 RpcSs - ok
23:56:47.0375 9096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:56:47.0391 9096 rspndr - ok
23:56:47.0469 9096 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
23:56:47.0469 9096 RSUSBSTOR - ok
23:56:47.0531 9096 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:56:47.0531 9096 RTL8167 - ok
23:56:47.0547 9096 RtsUIR - ok
23:56:47.0578 9096 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:56:47.0578 9096 SamSs - ok
23:56:47.0625 9096 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:56:47.0640 9096 sbp2port - ok
23:56:47.0671 9096 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:56:47.0687 9096 SCardSvr - ok
23:56:47.0718 9096 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:56:47.0734 9096 scfilter - ok
23:56:47.0827 9096 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:56:47.0859 9096 Schedule - ok
23:56:47.0890 9096 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:56:47.0905 9096 SCPolicySvc - ok
23:56:47.0999 9096 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:56:47.0999 9096 sdbus - ok
23:56:48.0061 9096 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:56:48.0077 9096 SDRSVC - ok
23:56:48.0124 9096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:56:48.0139 9096 secdrv - ok
23:56:48.0171 9096 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:56:48.0186 9096 seclogon - ok
23:56:48.0217 9096 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:56:48.0217 9096 SENS - ok
23:56:48.0264 9096 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:56:48.0280 9096 SensrSvc - ok
23:56:48.0295 9096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:56:48.0311 9096 Serenum - ok
23:56:48.0327 9096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:56:48.0342 9096 Serial - ok
23:56:48.0373 9096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:56:48.0373 9096 sermouse - ok
23:56:48.0420 9096 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:56:48.0436 9096 SessionEnv - ok
23:56:48.0467 9096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:56:48.0483 9096 sffdisk - ok
23:56:48.0498 9096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:56:48.0498 9096 sffp_mmc - ok
23:56:48.0498 9096 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:56:48.0498 9096 sffp_sd - ok
23:56:48.0545 9096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:56:48.0545 9096 sfloppy - ok
23:56:48.0607 9096 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:56:48.0623 9096 ShellHWDetection - ok
23:56:48.0670 9096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:56:48.0685 9096 SiSRaid2 - ok
23:56:48.0701 9096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:56:48.0701 9096 SiSRaid4 - ok
23:56:48.0763 9096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:56:48.0779 9096 Smb - ok
23:56:48.0841 9096 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:56:48.0841 9096 SNMPTRAP - ok
23:56:48.0857 9096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:56:48.0873 9096 spldr - ok
23:56:48.0951 9096 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:56:48.0966 9096 Spooler - ok
23:56:49.0216 9096 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:56:49.0278 9096 sppsvc - ok
23:56:49.0434 9096 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:56:49.0434 9096 sppuinotify - ok
23:56:49.0528 9096 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:56:49.0528 9096 srv - ok
23:56:49.0606 9096 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:56:49.0606 9096 srv2 - ok
23:56:49.0653 9096 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:56:49.0653 9096 SrvHsfHDA - ok
23:56:49.0762 9096 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:56:49.0793 9096 SrvHsfV92 - ok
23:56:49.0996 9096 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:56:50.0011 9096 SrvHsfWinac - ok
23:56:50.0058 9096 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:56:50.0058 9096 srvnet - ok
23:56:50.0121 9096 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:56:50.0136 9096 SSDPSRV - ok
23:56:50.0167 9096 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:56:50.0167 9096 SstpSvc - ok
23:56:50.0199 9096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:56:50.0199 9096 stexstor - ok
23:56:50.0292 9096 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:56:50.0308 9096 stisvc - ok
23:56:50.0355 9096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:56:50.0355 9096 swenum - ok
23:56:50.0417 9096 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:56:50.0433 9096 swprv - ok
23:56:50.0511 9096 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
23:56:50.0511 9096 SynTP - ok
23:56:50.0667 9096 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:56:50.0698 9096 SysMain - ok
23:56:50.0838 9096 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:56:50.0854 9096 TabletInputService - ok
23:56:50.0885 9096 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:56:50.0901 9096 TapiSrv - ok
23:56:50.0932 9096 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:56:50.0947 9096 TBS - ok
23:56:51.0135 9096 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:56:51.0197 9096 Tcpip - ok
23:56:51.0493 9096 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:56:51.0509 9096 TCPIP6 - ok
23:56:51.0603 9096 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:56:51.0603 9096 tcpipreg - ok
23:56:51.0649 9096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:56:51.0665 9096 TDPIPE - ok
23:56:51.0696 9096 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:56:51.0696 9096 TDTCP - ok
23:56:51.0743 9096 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:56:51.0743 9096 tdx - ok
23:56:51.0790 9096 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:56:51.0790 9096 TermDD - ok
23:56:51.0852 9096 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:56:51.0868 9096 TermService - ok
23:56:51.0883 9096 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:56:51.0899 9096 Themes - ok
23:56:51.0915 9096 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:56:51.0930 9096 THREADORDER - ok
23:56:51.0993 9096 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
23:56:51.0993 9096 TIEHDUSB - ok
23:56:52.0024 9096 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:56:52.0039 9096 TrkWks - ok
23:56:52.0102 9096 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:56:52.0102 9096 TrustedInstaller - ok
23:56:52.0149 9096 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:56:52.0149 9096 tssecsrv - ok
23:56:52.0227 9096 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:56:52.0227 9096 TsUsbFlt - ok
23:56:52.0289 9096 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:56:52.0305 9096 tunnel - ok
23:56:52.0320 9096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:56:52.0320 9096 uagp35 - ok
23:56:52.0367 9096 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:56:52.0367 9096 udfs - ok
23:56:52.0414 9096 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:56:52.0414 9096 UI0Detect - ok
23:56:52.0476 9096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:56:52.0476 9096 uliagpkx - ok
23:56:52.0539 9096 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:56:52.0539 9096 umbus - ok
23:56:52.0617 9096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:56:52.0617 9096 UmPass - ok
23:56:52.0741 9096 UpdaterService (132211270f2e846c4cd1c7bec980999a) C:\ProgramData\UpdaterService\wsupdsvc.exe
23:56:52.0757 9096 UpdaterService - ok
23:56:52.0819 9096 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:56:52.0819 9096 upnphost - ok
23:56:52.0882 9096 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:56:52.0897 9096 USBAAPL64 - ok
23:56:52.0975 9096 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:56:52.0991 9096 usbaudio - ok
23:56:53.0022 9096 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:56:53.0022 9096 usbccgp - ok
23:56:53.0053 9096 USBCCID - ok
23:56:53.0100 9096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:56:53.0100 9096 usbcir - ok
23:56:53.0131 9096 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:56:53.0131 9096 usbehci - ok
23:56:53.0194 9096 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:56:53.0209 9096 usbhub - ok
23:56:53.0225 9096 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:56:53.0241 9096 usbohci - ok
23:56:53.0287 9096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:56:53.0287 9096 usbprint - ok
23:56:53.0334 9096 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:56:53.0334 9096 USBSTOR - ok
23:56:53.0365 9096 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:56:53.0365 9096 usbuhci - ok
23:56:53.0437 9096 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:56:53.0437 9096 usbvideo - ok
23:56:53.0477 9096 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:56:53.0477 9096 UxSms - ok
23:56:53.0527 9096 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:56:53.0527 9096 VaultSvc - ok
23:56:53.0597 9096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:56:53.0597 9096 vdrvroot - ok
23:56:53.0677 9096 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:56:53.0687 9096 vds - ok
23:56:53.0727 9096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:56:53.0727 9096 vga - ok
23:56:53.0747 9096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:56:53.0747 9096 VgaSave - ok
23:56:53.0807 9096 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:56:53.0807 9096 vhdmp - ok
23:56:53.0827 9096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:56:53.0827 9096 viaide - ok
23:56:53.0877 9096 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:56:53.0877 9096 volmgr - ok
23:56:53.0937 9096 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:56:53.0937 9096 volmgrx - ok
23:56:53.0977 9096 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:56:53.0987 9096 volsnap - ok
23:56:54.0047 9096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:56:54.0047 9096 vsmraid - ok
23:56:54.0197 9096 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:56:54.0227 9096 VSS - ok
23:56:54.0367 9096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:56:54.0377 9096 vwifibus - ok
23:56:54.0427 9096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:56:54.0427 9096 vwififlt - ok
23:56:54.0487 9096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:56:54.0487 9096 vwifimp - ok
23:56:54.0537 9096 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:56:54.0547 9096 W32Time - ok
23:56:54.0587 9096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:56:54.0587 9096 WacomPen - ok
23:56:54.0697 9096 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
23:56:54.0707 9096 WajamUpdater - ok
23:56:54.0777 9096 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:54.0777 9096 WANARP - ok
23:56:54.0787 9096 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:54.0787 9096 Wanarpv6 - ok
23:56:54.0937 9096 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:56:54.0967 9096 WatAdminSvc - ok
23:56:55.0097 9096 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:56:55.0137 9096 wbengine - ok
23:56:55.0277 9096 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:56:55.0287 9096 WbioSrvc - ok
23:56:55.0347 9096 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:56:55.0357 9096 wcncsvc - ok
23:56:55.0377 9096 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:56:55.0387 9096 WcsPlugInService - ok
23:56:55.0417 9096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:56:55.0417 9096 Wd - ok
23:56:55.0487 9096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:56:55.0497 9096 Wdf01000 - ok
23:56:55.0517 9096 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:56:55.0527 9096 WdiServiceHost - ok
23:56:55.0537 9096 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:56:55.0547 9096 WdiSystemHost - ok
23:56:55.0607 9096 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:56:55.0617 9096 WebClient - ok
23:56:55.0667 9096 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:56:55.0677 9096 Wecsvc - ok
23:56:55.0697 9096 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:56:55.0697 9096 wercplsupport - ok
23:56:55.0747 9096 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:56:55.0757 9096 WerSvc - ok
23:56:55.0857 9096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:56:55.0857 9096 WfpLwf - ok
23:56:55.0877 9096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:56:55.0877 9096 WIMMount - ok
23:56:55.0987 9096 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
23:56:55.0997 9096 winachsf - ok
23:56:56.0007 9096 WinHttpAutoProxySvc - ok
23:56:56.0077 9096 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:56:56.0077 9096 Winmgmt - ok
23:56:56.0257 9096 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:56:56.0297 9096 WinRM - ok
23:56:56.0507 9096 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:56:56.0517 9096 WinUsb - ok
23:56:56.0607 9096 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:56:56.0627 9096 Wlansvc - ok
23:56:56.0947 9096 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:56:56.0987 9096 wlidsvc - ok
23:56:57.0167 9096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:56:57.0167 9096 WmiAcpi - ok
23:56:57.0247 9096 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:56:57.0257 9096 wmiApSrv - ok
23:56:57.0317 9096 WMPNetworkSvc - ok
23:56:57.0367 9096 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:56:57.0367 9096 WPCSvc - ok
23:56:57.0417 9096 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:56:57.0427 9096 WPDBusEnum - ok
23:56:57.0457 9096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:56:57.0457 9096 ws2ifsl - ok
23:56:57.0467 9096 WSearch - ok
23:56:57.0657 9096 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:56:57.0708 9096 wuauserv - ok
23:56:57.0864 9096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:56:57.0879 9096 WudfPf - ok
23:56:57.0926 9096 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:56:57.0942 9096 WUDFRd - ok
23:56:57.0973 9096 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:56:57.0989 9096 wudfsvc - ok
23:56:58.0035 9096 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:56:58.0051 9096 WwanSvc - ok
23:56:58.0067 9096 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
23:56:58.0082 9096 XAudio - ok
23:56:58.0160 9096 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
23:56:58.0176 9096 yukonw7 - ok
23:56:58.0238 9096 MBR (0x1B8) (de23ad1285d12ab3358945dc7628786c) \Device\Harddisk0\DR0
23:56:58.0488 9096 \Device\Harddisk0\DR0 - ok
23:56:58.0488 9096 Boot (0x1200) (25d92dfe48a983d16446499e74ba4c52) \Device\Harddisk0\DR0\Partition0
23:56:58.0488 9096 \Device\Harddisk0\DR0\Partition0 - ok
23:56:58.0503 9096 Boot (0x1200) (eb4ff44826345e9bf9d9ee2dffa708a8) \Device\Harddisk0\DR0\Partition1
23:56:58.0503 9096 \Device\Harddisk0\DR0\Partition1 - ok
23:56:58.0535 9096 Boot (0x1200) (92ebc40c59bdb1b4cec85eb9196a18ba) \Device\Harddisk0\DR0\Partition2
23:56:58.0535 9096 \Device\Harddisk0\DR0\Partition2 - ok
23:56:58.0550 9096 ============================================================
23:56:58.0550 9096 Scan finished
23:56:58.0550 9096 ============================================================
23:56:58.0566 7736 Detected object count: 0
23:56:58.0566 7736 Actual detected object count: 0
23:57:34.0461 8076 Deinitialize success

Conspire · 17-Jul-2012, 01:24 AM #8

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

mjplus7 · 17-Jul-2012, 10:30 AM #9

Illegal operation attempted on a registry key that has been marked for deletion

C:\Program Files (x86)InternetExplorer\iexplore.exe

Also comes up for windows explorer

I cannot do anything from the infected computer, so sending combofix log from another laptop

ComboFix 12-07-16.01 - Family 07/17/2012 9:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1823 [GMT -4:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Family\AppData\Local\AIM\Adobe\knywun.dll
c:\users\Family\Documents\~WRL2588.tmp
c:\users\Family\GoToAssistDownloadHelper.exe
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\00000004.@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\1afb2d56
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000004.@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000008.@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000064.@
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1032.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz10D5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz119E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1215.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1226.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz125A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz12C1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1337.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz13AC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz13DC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz147E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz14A6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz14B7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz14FC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1533.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz155D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz15D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1608.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz160F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1632.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1679.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz169.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1696.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz170.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1720.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1722.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1727.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1767.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1809.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1818.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz183D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz18D4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1998.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1A12.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1A1A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1A34.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1A48.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1A55.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1B52.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1BB9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1BCA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1C48.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1CA7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1CAB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1D95.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1DBB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1DC1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1E4B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1E51.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1E6E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1E8D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1ED0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1EF4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz1F21.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2003.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz200B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2023.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz20AD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz211.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2119.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2142.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz214A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz216C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz21FB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz224A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2284.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz22D1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz22F9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz22FD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2344.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2366.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz237.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz237B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2399.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz23A4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz23BE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz23C5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2422.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2439.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz24A8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz24E7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2523.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2562.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz25B8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz25DC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz25E2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz261E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz270B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2725.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2880.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz28A6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz28C5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz28D4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz28F8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2915.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2997.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz29EF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz29F0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz29F1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2AB2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2B06.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2B08.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2B6B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2B9F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2BC8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2BE8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2BF3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2C13.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2C30.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2C31.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2C3C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2C5A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2CAB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2CF9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2D0C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2D1D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2D31.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2DB6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2DB9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2E00.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2E1F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2E47.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2E57.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2E6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2E79.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2EAF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2EDB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2EE6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2F0F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2F22.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2F31.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2F3E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2F7B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2FAB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz2FDB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3016.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3047.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz305.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3081.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz308A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz30A3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz30B3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz30E9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3120.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3152.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz317A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz318E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz31BF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz31DB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz31FD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz321B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3221.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3271.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz327B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3297.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz32D2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz331C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3329.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz333F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3352.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz33A7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz33B8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz33D8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz33E0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz33EC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz341E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz343C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz34C1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz34CA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz34D0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz34FA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3502.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3517.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3541.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3570.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz35B0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz35CA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz35E5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz360E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3641.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3645.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3649.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz366F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3676.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz36D4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz36E3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz36EE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz36F2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz36F7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3718.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3739.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3742.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3758.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz375F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3782.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3788.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz37CE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz37F5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz380F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3813.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz382B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3881.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz38FE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3900.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz392E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz396C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz39B3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz39D1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3A15.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3A69.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3A71.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3AF5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3B09.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3B2B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3B39.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3B47.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3BB0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3BC8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3BE0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3C2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3C80.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3CD2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3CD9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3CDA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3CF5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3D38.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3D3A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3D5F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3D63.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3DB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3DBD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3DDD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3DE3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3DE8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3DED.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3E39.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3F27.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3F57.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz3FCA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz402D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4034.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4035.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4061.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz409E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz40AE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz40AF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz40CE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz40E3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4112.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz411E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz41F9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz420D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4236.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz42A6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4307.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz43A9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz43DB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4410.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4440.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz445F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz44A1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz44AC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4547.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz454A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz455B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz457F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz45D3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4629.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4647.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz466.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz46BA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz46DD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz46EF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz46FE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz470A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4730.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4835.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4875.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz48B2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz48BE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz48D2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz491A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz495E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz49B2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz49B4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4A4B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4A64.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4AD9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4AE2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4AE3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4B05.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4B2F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4B35.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4B62.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4B7B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4BA1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4BA8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4BC7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4C6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4CC9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4CD1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4D04.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4E1E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4E70.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4E7D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4F04.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4F06.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4F37.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4F7E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz4FAF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz502B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5031.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5094.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz50C7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz50CC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz513B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz519.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz51AD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz51EE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz52FF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz531F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz536.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz538B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5406.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz541E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz54C2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz54FD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz554E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5556.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz55BC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz55EB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz55FF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz561E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5629.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz568C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5693.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz56E6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz56E7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5760.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz57A2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz57BD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz57C0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5823.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5954.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5961.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz599B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5A38.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5A40.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5AA8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5AC9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5ACB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5B24.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5B37.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5B48.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5B64.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5C0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5C73.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5CAA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5CAC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5CD8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5D8B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5D8C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5D8D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5E02.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5E05.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5E5D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5E66.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5E92.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5EDB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5EF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5F0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5F59.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5F98.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz5FE0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz60BB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz611.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6150.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz61B7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz61BE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz61DE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz61FF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6285.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6324.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz635C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz63C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz63CA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz63E9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6441.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz64B2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz64D7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6528.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6529.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz652D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz65B8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz65D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz660C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6618.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz66AB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz66CC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz67EB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz67F3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6844.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz687F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz688C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz68FD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6904.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6933.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz69E4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6A0A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6A0C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6A18.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6A36.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6A85.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6AF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6B14.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6B45.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6B71.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6BA5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6BFC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6C0B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6C2A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6C3B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6CC7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6D07.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6D51.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6D92.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6DAD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6DF4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6DFE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6E33.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6E4F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6E9B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6E9D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6EA8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6EDC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6EE0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6EFC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6F41.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6F6E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz6F88.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz701C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz70D8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz70ED.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7179.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz718.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz71CC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz71E4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz71F9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz72A1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7345.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz73A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz740D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7421.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7436.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz74BA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz74BB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz751B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7556.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7578.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz757A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz75F3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz762A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz763E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7644.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz76A6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz772A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7772.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz778D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz779.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz786B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz789A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz78A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz78F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz795B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7977.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7995.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz79AD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7A01.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7A0C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7A69.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7AA4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7AFB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7AFE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7B33.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7B66.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7BA4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7BC2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7C32.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7C4A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7C7E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7C8A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7C98.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7D2A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7D43.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7D84.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7D9A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7DC8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7DE6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7E22.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7E8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7E85.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7E90.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7E93.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7ECA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7EF2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7F19.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7F3B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7F64.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7F8C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7F8D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7FA8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz7FFA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8008.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8049.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz80B2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz80D9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz80F9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz818B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8193.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz81A6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz825C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8296.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz82F4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz832D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8353.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz83F0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8402.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8421.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz845B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz849F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz84B9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz851C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8536.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz854C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8568.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz858A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz85F9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8607.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8665.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8683.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz869B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz86AD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz86B3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz86C3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz86FA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz871C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz874F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz877F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz880F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8822.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8854.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz88AD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz88FA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz892.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8920.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8963.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz898A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz89C6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8A08.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8A46.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8AC2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8AD8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8B20.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8B28.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8B2E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8B96.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8BF8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8CE8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8D8C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8E0F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8E11.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8E2F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8E64.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8E68.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8EAE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8EB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8FA9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8FCF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz8FD5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9015.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9029.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9042.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz906.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz907E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz90B2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz90CF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz912.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz917E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9220.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz924.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz924A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz929.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9299.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz92FA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9320.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9321.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9322.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9390.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9393.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz93B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9414.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9455.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9520.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9524.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9530.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz953F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz957A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9583.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz95B3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz95B4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz95EE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz962A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9645.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz969B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz96E4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz96F2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9705.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz971A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9733.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9766.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz976F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz977F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz97A7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz97CF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz97D6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9803.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz98E0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9979.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz998C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz99B4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz99BA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz99FE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9A0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9A16.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9A2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9A35.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9A38.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9A57.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9ABA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9AD4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9AE5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9B31.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9B4D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9B60.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9B88.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9BFD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9C1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9C38.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9C43.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9C55.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9C60.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9C62.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9C91.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9CC1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9D12.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9D16.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9D2B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9D45.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9D67.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9D9B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9DEF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9DF8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9E3E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9E45.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9E5E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9E5F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9E67.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9E95.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9EF5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9F13.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9F15.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9F48.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9F49.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9F6B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9FB1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trz9FEC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA00C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA02B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA052.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA08A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA092.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA0C7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA0CE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA0D9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA0E5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA1C2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA1DA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA270.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA2BA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA2FE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA328.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA398.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA3E5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA404.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA473.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA4F0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA539.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA53D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA53E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA561.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA584.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA5CB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA5E6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA605.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA6E6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA71.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA73D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA74.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA7DF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA805.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA81C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA81D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA82F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA83A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA84B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA984.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA9A4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzA9E3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAA02.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAA69.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAA72.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAAD1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzABA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAC3C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAC3D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAC4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAC45.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAC5C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzACAD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAD3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzADE6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAE1D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAEC5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAEE9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzAFE9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB0B5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB0D3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB0DF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB136.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB141.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB149.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB150.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB17C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB20C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB26A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB2F3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB351.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB393.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB3EF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB42B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB48.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB48A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB54C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB567.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB5A0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB65B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB69.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB6B5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB6B6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB778.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB7F3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB80E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB81A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB85D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB861.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB87E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB8C6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB912.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzB9C1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBA04.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBA41.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBAA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBAD9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBAFF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBB32.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBB47.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBB5C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBB6D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBB74.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBBE0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBBE8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBBF6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBDA6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBDEE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBF7A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzBF81.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC0A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC0A2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC23.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC2F0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC308.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC309.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC342.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC3A5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC3B7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC3FC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC4DE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC52.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC819.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC849.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC89.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC928.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC965.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC98.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC9CD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzC9D6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCA28.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCAD4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCAF4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCB91.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCBD3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCCE8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCD18.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCD47.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCD86.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCE50.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCEBF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCF51.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzCFC8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD022.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD074.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD112.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD1F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD259.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD288.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD297.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD306.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD349.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD42.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD44C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD46D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD49B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD4AA.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD4AC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD4B0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD4D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD521.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD5BD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD5E1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD5F9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD602.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD61C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD667.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD67A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD75B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD7E9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzD912.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDA4F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDA63.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDB06.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDB08.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDB1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDB27.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDB50.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDC02.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDCB3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDCC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDCD4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDD4B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDD71.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDDAD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDDBF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDE61.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDF3F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDF57.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDF5C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDF9B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDFC8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDFE2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzDFF0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE048.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE095.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE0F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE0F4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE26F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE279.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE27A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE28D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE2A3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE2BF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE2D1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE319.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE32D.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE397.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE490.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE4C6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE4CE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE539.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE5D5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE5FB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE70F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE761.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE789.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE7FB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE848.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE858.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE859.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE864.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE8A6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE8C9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE8E5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE8F6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE92F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE964.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE9B0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE9DF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzE9E7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEA02.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEA1E.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEA38.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEA43.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEABC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEB84.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEBA0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEBC2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEBCE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEBDD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEC9C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzECE1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEDD2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEE33.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEEB6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEECD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEEF8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEF61.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzEF8B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF00A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF05B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF0A5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF0B1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF0C8.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF12A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF161.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF19F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF1B2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF1BD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF1CE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF20.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF24C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF263.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF2E1.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF310.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF313.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF333.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF355.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF3BB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF459.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF4B5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF4D0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF4D4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF4F2.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF4FB.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF55C.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF588.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF643.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF654.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF666.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF681.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF6A3.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF6C4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF6F6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF73F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF767.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF78B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF7AF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF7D7.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF7E9.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF7FD.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF932.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF933.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzF9EC.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFA1A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFA5.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFA76.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFB0.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFB09.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFBA6.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFBB4.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFBDF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFBEF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFC3F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFCDF.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFD26.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFD9B.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFDAE.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFE9F.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFF1A.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFF78.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFF99.tmp
c:\windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\trzFFDD.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 13:53 . 2012-07-17 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 12:56 . 2012-07-17 12:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 02:01 . 2012-07-17 02:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\trz695E.tmp
2012-07-17 02:01 . 2012-07-17 02:01 113664 ----a-w- c:\programdata\Microsoft\Windows\DRM\6486.tmp.dat
2012-07-15 15:29 . 2012-07-15 15:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 15:29 . 2012-07-15 15:29 -------- d-----w- c:\windows\system32\Macromed
2012-07-13 16:21 . 2012-07-13 16:21 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\users\Family\AppData\Roaming\canon
2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-07-13 07:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 18:10 . 2012-07-15 21:29 -------- d-----w- c:\users\Family\AppData\Local\Norton
2012-07-11 19:28 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:28 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 19:28 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 19:28 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 19:28 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 19:28 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 19:28 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 19:28 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 19:28 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 19:28 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 19:28 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 19:28 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 19:28 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-08 06:09 . 2012-07-08 06:09 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-08 05:31 . 2012-07-11 21:38 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-08 05:29 . 2012-07-08 06:09 -------- d-----w- c:\programdata\PC Tools
2012-07-08 05:29 . 2012-07-08 05:29 -------- d-----w- c:\users\Family\AppData\Roaming\TestApp
2012-06-22 00:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 00:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 00:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 00:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 00:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 00:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 00:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 00:22 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 00:22 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 15:40 . 2011-05-16 14:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 11:06 . 2012-06-12 20:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 20:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 20:34 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 20:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 20:35 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 20:35 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 20:35 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 20:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 20:33 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 20:33 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:33 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 20:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{574be437-25ae-4010-a53e-8c63b6ae02ff}]
2011-04-21 09:02 81920 ----a-w- c:\program files (x86)\oovootoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{574be437-25ae-4010-a53e-8c63b6ae02ff}"= "c:\program files (x86)\oovootoolbar\vmntemplateX.dll" [2011-04-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{574be437-25ae-4010-a53e-8c63b6ae02ff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-18 39408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-05-14 307768]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-11-05 394616]
"ooVoo.exe"="c:\program files (x86)\oovoo\oovoo.exe" [2011-08-14 21975120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Facebook Update"="c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\syst em]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe [2012-04-30 549744]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-01-24 109064]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-05-13 139264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 15:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 15:40]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821294850-1116772492-1716371393-1000Core.job
- c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 15:32]
.
2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821294850-1116772492-1716371393-1000UA.job
- c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 15:32]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 22:44]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 22:44]
.
2012-07-13 c:\windows\Tasks\HPCeeScheduleForFamily.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-07-17 c:\windows\Tasks\Norton Security Scan for Family.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-19 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Family\AppData\Local\AIM\Adobe\knywun.dll
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-17 10:03:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 14:03
.
Pre-Run: 219,751,346,176 bytes free
Post-Run: 223,031,259,136 bytes free
.
- - End Of File - - D2F8D23805D2153D2A85B30FE5E951A9

Conspire · 17-Jul-2012, 12:44 PM **#10**

Hi,

The issue you encountered was normal and sometimes it takes more than twice to reboot the computer after disinfection process. We still have more to do, so please do the following.

Please follow all previous instructions regarding security programs.

Open a new Notepad session

Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:

File::
c:\programdata\Microsoft\Windows\DRM\trz695E.tmp
c:\programdata\Microsoft\Windows\DRM\6486.tmp.dat

Folder::
c:\program files (x86)\oovootoolbar
c:\program files (x86)\oovoo

DirLook::
c:\windows\SysWow64\%APPDATA%
c:\programdata\Microsoft\Windows\DRM

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{574be437-25ae-4010-a53e-8c63b6ae02ff}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{574be437-25ae-4010-a53e-8c63b6ae02ff}"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"=-

In the notepad

Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

mjplus7 · 17-Jul-2012, 05:58 PM **#11**

ComboFix 12-07-16.01 - Family 07/17/2012 17:22:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1714 [GMT -4:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Family\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\6486.tmp.dat"
"c:\programdata\Microsoft\Windows\DRM\trz695E.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\oovoo
c:\program files (x86)\oovoo\Languages\ar_SA\ooVoo.mo
c:\program files (x86)\oovoo\Languages\de_DE\ooVoo.mo
c:\program files (x86)\oovoo\Languages\en_US\ooVoo.mo
c:\program files (x86)\oovoo\Languages\es_ES\ooVoo.mo
c:\program files (x86)\oovoo\Languages\fr_FR\ooVoo.mo
c:\program files (x86)\oovoo\Languages\he_IL\ooVoo.mo
c:\program files (x86)\oovoo\Languages\it_IT\ooVoo.mo
c:\program files (x86)\oovoo\Languages\pt_PT\ooVoo.mo
c:\program files (x86)\oovoo\Languages\ru_RU\ooVoo.mo
c:\program files (x86)\oovoo\Languages\zh_CN\ooVoo.mo
c:\program files (x86)\oovoo\ooVoo.exe
c:\program files (x86)\oovootoolbar
c:\program files (x86)\oovootoolbar\chrome\content\lib\about.xml
c:\program files (x86)\oovootoolbar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\oovootoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\oovootoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\oovootoolbar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\oovootoolbar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\oovootoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\oovootoolbar\chrome\content\lib\external.js
c:\program files (x86)\oovootoolbar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\oovootoolbar\chrome\content\lib\nsDragAndDrop.js
c:\program files (x86)\oovootoolbar\chrome\content\lib\rsspreview.html
c:\program files (x86)\oovootoolbar\chrome\content\lib\rsswin.xml
c:\program files (x86)\oovootoolbar\chrome\content\lib\rsswin.xsl
c:\program files (x86)\oovootoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\oovootoolbar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\oovootoolbar\chrome\content\modules\datastore.jsm
c:\program files (x86)\oovootoolbar\chrome\content\neterror.xhtml
c:\program files (x86)\oovootoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\oovootoolbar\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\oovootoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\oovootoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\oovootoolbar\chrome\content\newtab\newtab.html
c:\program files (x86)\oovootoolbar\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\oovootoolbar\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\oovootoolbar\chrome\content\preferences.xml
c:\program files (x86)\oovootoolbar\chrome\content\toolbar.htm
c:\program files (x86)\oovootoolbar\chrome\content\toolbar.xul
c:\program files (x86)\oovootoolbar\chrome\content\vmncode.js
c:\program files (x86)\oovootoolbar\chrome\content\vmnrsswin.xml
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.http://www.MyStartFacebook\skin\imag...close-over.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.http://www.MyStartFacebook\skin\imag...wide-close.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.http://www.MyStartFacebook\skin\imag...ght-resize.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.http://www.MyStartFacebook\skin\imag...-btm-right.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.http://www.MyStartFacebook\skin\scri...y-1.4.2.min.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\Thumbs.db
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\Thumbs.db
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\program files (x86)\oovootoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\program files (x86)\oovootoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files (x86)\oovootoolbar\chrome\data\product.xml
c:\program files (x86)\oovootoolbar\chrome\data\rss\rss.xml
c:\program files (x86)\oovootoolbar\chrome\data\search\engines.xml
c:\program files (x86)\oovootoolbar\chrome\data\search\search.xsl
c:\program files (x86)\oovootoolbar\chrome\data\weather\icons.xml
c:\program files (x86)\oovootoolbar\chrome\skin\1x1_png
c:\program files (x86)\oovootoolbar\chrome\skin\about.gif
c:\program files (x86)\oovootoolbar\chrome\skin\about_logo.png
c:\program files (x86)\oovootoolbar\chrome\skin\babylon_logo.png
c:\program files (x86)\oovootoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png
c:\program files (x86)\oovootoolbar\chrome\skin\bing_searchicon_20x22_spaced_png
c:\program files (x86)\oovootoolbar\chrome\skin\bing_searchicon_24x24_png
c:\program files (x86)\oovootoolbar\chrome\skin\bluelite.gif
c:\program files (x86)\oovootoolbar\chrome\skin\bluesky.gif
c:\program files (x86)\oovootoolbar\chrome\skin\btn-search-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\btn-search.png
c:\program files (x86)\oovootoolbar\chrome\skin\btn-settings-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\btn-settings.png
c:\program files (x86)\oovootoolbar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\btn-widgets.png
c:\program files (x86)\oovootoolbar\chrome\skin\btn_settings.png
c:\program files (x86)\oovootoolbar\chrome\skin\ca.png
c:\program files (x86)\oovootoolbar\chrome\skin\dictionary.png
c:\program files (x86)\oovootoolbar\chrome\skin\divider.png
c:\program files (x86)\oovootoolbar\chrome\skin\downloadcom.png
c:\program files (x86)\oovootoolbar\chrome\skin\dtxlogo.png
c:\program files (x86)\oovootoolbar\chrome\skin\email.png
c:\program files (x86)\oovootoolbar\chrome\skin\email_on.png
c:\program files (x86)\oovootoolbar\chrome\skin\facebook.png
c:\program files (x86)\oovootoolbar\chrome\skin\games.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphna.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred0.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred0_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred1.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred1_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred2.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred2_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred3.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred3_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred4.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred4_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphred5.png
c:\program files (x86)\oovootoolbar\chrome\skin\graphredna.png
c:\program files (x86)\oovootoolbar\chrome\skin\grey.gif
c:\program files (x86)\oovootoolbar\chrome\skin\ico-shield.png
c:\program files (x86)\oovootoolbar\chrome\skin\images.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\add.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\alexabutton.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\aol.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\blank.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\button-splitter.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\checkmark.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\chevron.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\collapse.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\comcast.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\debugbar\debug.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\dtx-test.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\dtx.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\edit-back.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\embarq.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\expand.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\fast.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\found.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\gmail.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\gripper.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\highlight.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\hotmail.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\ico-check.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\imap.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\launchers.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\lock.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\mailcom.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitemleft.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\minus.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\modify.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\move.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\movetarget.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\newsitem.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\plus.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\search.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\oovootoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\oovootoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\oovootoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\oovootoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\oovootoolbar\chrome\skin\lichen.gif
c:\program files (x86)\oovootoolbar\chrome\skin\logo-about.png
c:\program files (x86)\oovootoolbar\chrome\skin\logo-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\oovootoolbar\chrome\skin\logo.png
c:\program files (x86)\oovootoolbar\chrome\skin\logo_60x25_png
c:\program files (x86)\oovootoolbar\chrome\skin\logo_png
c:\program files (x86)\oovootoolbar\chrome\skin\mail.png
c:\program files (x86)\oovootoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\oovootoolbar\chrome\skin\modify-save.png
c:\program files (x86)\oovootoolbar\chrome\skin\modify.png
c:\program files (x86)\oovootoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\oovootoolbar\chrome\skin\music.png
c:\program files (x86)\oovootoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\oovootoolbar\chrome\skin\new_logo_png
c:\program files (x86)\oovootoolbar\chrome\skin\news.png
c:\program files (x86)\oovootoolbar\chrome\skin\options-main.png
c:\program files (x86)\oovootoolbar\chrome\skin\options-search.png
c:\program files (x86)\oovootoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\oovootoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\oovootoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\oovootoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\oovootoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\oovootoolbar\chrome\skin\orange.gif
c:\program files (x86)\oovootoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\oovootoolbar\chrome\skin\pixsy.png
c:\program files (x86)\oovootoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\oovootoolbar\chrome\skin\protect-id.png
c:\program files (x86)\oovootoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-found.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\oovootoolbar\chrome\skin\rss.png
c:\program files (x86)\oovootoolbar\chrome\skin\rssback.gif
c:\program files (x86)\oovootoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\oovootoolbar\chrome\skin\search-over.png
c:\program files (x86)\oovootoolbar\chrome\skin\search.png
c:\program files (x86)\oovootoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\oovootoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\oovootoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\oovootoolbar\chrome\skin\settings.png
c:\program files (x86)\oovootoolbar\chrome\skin\shopping.png
c:\program files (x86)\oovootoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\oovootoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\oovootoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\oovootoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\oovootoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\oovootoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\oovootoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\oovootoolbar\chrome\skin\skin.xml
c:\program files (x86)\oovootoolbar\chrome\skin\technorati.png
c:\program files (x86)\oovootoolbar\chrome\skin\throbber.gif
c:\program files (x86)\oovootoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\oovootoolbar\chrome\skin\translate.png
c:\program files (x86)\oovootoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\oovootoolbar\chrome\skin\videochat_22x100_png
c:\program files (x86)\oovootoolbar\chrome\skin\videochat_png
c:\program files (x86)\oovootoolbar\chrome\skin\vmn.css
c:\program files (x86)\oovootoolbar\chrome\skin\vmn.png
c:\program files (x86)\oovootoolbar\chrome\skin\web.png
c:\program files (x86)\oovootoolbar\chrome\skin\websearch.png
c:\program files (x86)\oovootoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\oovootoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\oovootoolbar\chrome\skin\yellow.gif
c:\program files (x86)\oovootoolbar\chrome\skin\youtube.png
c:\program files (x86)\oovootoolbar\chrome\skin\zoom.png
c:\program files (x86)\oovootoolbar\components\windowmediator.js
c:\program files (x86)\oovootoolbar\install.ico
c:\program files (x86)\oovootoolbar\manifest.xml
c:\program files (x86)\oovootoolbar\partner.xml
c:\program files (x86)\oovootoolbar\uninstall.exe
c:\program files (x86)\oovootoolbar\vmntemplate.dll
c:\program files (x86)\oovootoolbar\vmntemplateX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 21:36 . 2012-07-17 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 21:36 . 2012-07-17 21:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-17 12:56 . 2012-07-17 12:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 02:01 . 2012-07-17 02:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\trz695E.tmp
2012-07-17 02:01 . 2012-07-17 02:01 113664 ----a-w- c:\programdata\Microsoft\Windows\DRM\6486.tmp.dat
2012-07-15 15:29 . 2012-07-15 15:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 15:29 . 2012-07-15 15:29 -------- d-----w- c:\windows\system32\Macromed
2012-07-13 16:21 . 2012-07-13 16:21 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\users\Family\AppData\Roaming\canon
2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-07-13 07:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 18:10 . 2012-07-15 21:29 -------- d-----w- c:\users\Family\AppData\Local\Norton
2012-07-11 19:28 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:28 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 19:28 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 19:28 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 19:28 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 19:28 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 19:28 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 19:28 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 19:28 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 19:28 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 19:28 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 19:28 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 19:28 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-08 06:09 . 2012-07-08 06:09 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-08 05:31 . 2012-07-11 21:38 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-08 05:29 . 2012-07-08 06:09 -------- d-----w- c:\programdata\PC Tools
2012-07-08 05:29 . 2012-07-08 05:29 -------- d-----w- c:\users\Family\AppData\Roaming\TestApp
2012-06-22 00:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 00:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 00:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 00:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 00:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 00:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 00:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 00:22 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 00:22 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 06:40 . 2012-07-17 21:13 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E65F7090-AD1E-4A8E-B777-6A1AAC9ACB49}\mpengine.dll
2012-07-15 15:40 . 2011-05-16 14:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 16:25 . 2010-02-27 18:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-12 20:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 20:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 20:34 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 20:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 20:35 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 20:35 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 20:35 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 20:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 20:33 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 20:33 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:33 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 20:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\Microsoft\Windows\DRM ----
.
2012-07-17 02:01 . 2012-07-17 02:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\trz695E.tmp
2012-07-17 02:01 . 2012-07-17 02:01 113664 ----a-w- c:\programdata\Microsoft\Windows\DRM\6486.tmp.dat
2012-06-04 01:17 . 2012-06-04 01:17 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\96E0.tmp
2012-06-04 01:17 . 2012-06-04 01:17 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\96A0.tmp
2012-06-01 01:37 . 2012-06-01 01:37 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\1A5B.tmp
2012-06-01 01:37 . 2012-06-01 01:37 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\1A4A.tmp
2012-05-31 00:14 . 2012-05-31 00:14 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\4F96.tmp
2012-05-31 00:14 . 2012-05-31 00:14 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\4FB6.tmp
2012-05-30 01:28 . 2012-05-30 01:28 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\71CC.tmp
2012-05-30 01:28 . 2012-05-30 01:28 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\71BC.tmp
2012-05-29 03:18 . 2012-05-29 03:18 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\E478.tmp
2012-05-29 03:18 . 2012-05-29 03:18 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\E458.tmp
2012-05-28 16:32 . 2012-05-28 16:32 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\AB08.tmp
2012-05-28 16:32 . 2012-05-28 16:32 0 ----a-w- c:\programdata\Microsoft\Windows\DRM\AB09.tmp
2010-11-04 19:36 . 2010-11-04 19:36 4348 --sha-w- c:\programdata\Microsoft\Windows\DRM\DRMv1.bak
2010-11-04 19:36 . 2010-11-04 19:36 4348 --sha-w- c:\programdata\Microsoft\Windows\DRM\DRMv1.key
2010-11-04 19:36 . 2010-10-22 01:17 1580856 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-2821294850-1116772492-1716371393-1000\Indiv01_64.key
2010-10-28 21:40 . 2010-10-22 01:17 1473712 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-2821294850-1116772492-1716371393-1000\Indiv01.key
2010-10-22 18:57 . 2010-10-22 01:17 1580856 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key
2010-10-22 01:17 . 2010-10-22 01:17 1473712 --sha-w- c:\programdata\Microsoft\Windows\DRM\IndivBox.key
2010-10-22 01:17 . 2010-10-22 01:17 1580856 --sha-w- c:\programdata\Microsoft\Windows\DRM\IndivBox_64.key
2010-10-22 01:17 . 2010-10-22 01:17 11551 --sha-w- c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
2010-10-22 01:17 . 2010-10-22 01:17 11551 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
2010-10-22 01:17 . 2010-10-22 01:17 1473712 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
2010-10-22 01:17 . 2010-10-22 01:17 0 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
2010-10-22 01:17 . 2010-10-22 01:17 1580856 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01_64.key
2010-01-03 05:15 . 2010-01-03 05:15 20 --sha-w- c:\programdata\Microsoft\Windows\DRM\blackbox.bin
2010-01-03 05:15 . 2010-01-03 05:15 9506 --sha-w- c:\programdata\Microsoft\Windows\DRM\v3ks.bla
2010-01-03 05:15 . 2010-01-03 05:15 740 --sha-w- c:\programdata\Microsoft\Windows\DRM\v3ks.sec
2010-01-03 05:15 . 2012-07-17 21:41 233472 --sha-w- c:\programdata\Microsoft\Windows\DRM\drmstore.hds
.
---- Directory of c:\windows\SysWow64\%APPDATA% ----
.
2012-07-17 12:56 . 2012-07-17 12:55 262144 --sha-w- c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_13.55.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-17 13:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-17 21:11 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-17 13:13 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-17 21:11 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-08-17 18:30 . 2012-07-17 21:39 57016 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-17 21:39 61050 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-03 03:24 . 2012-07-17 21:39 20004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2821294850-1116772492-1716371393-1000_UserData.bin
- 2012-07-17 13:54 . 2012-07-17 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-17 21:37 . 2012-07-17 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-17 21:37 . 2012-07-17 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-17 13:54 . 2012-07-17 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-17 13:13 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-17 21:11 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-07-17 13:18 628554 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-17 14:15 628554 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-17 14:15 108700 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-17 13:18 108700 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-17 13:53 344208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-17 21:36 344208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-08-17 22:02 . 2012-07-17 21:36 1092704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-07 09:31 . 2012-07-17 21:36 2049676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821294850-1116772492-1716371393-1000-8192.dat
- 2010-12-07 09:31 . 2012-07-13 21:03 2049676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821294850-1116772492-1716371393-1000-8192.dat
+ 2011-06-10 17:02 . 2012-07-17 21:36 55797612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821294850-1116772492-1716371393-1000-4096.dat
- 2011-06-10 17:02 . 2012-07-17 12:59 55797612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821294850-1116772492-1716371393-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-18 39408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-05-14 307768]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-11-05 394616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Facebook Update"="c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\syst em]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe [2012-04-30 549744]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-01-24 109064]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-05-13 139264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 15:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 15:40]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821294850-1116772492-1716371393-1000Core.job
- c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 15:32]
.
2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821294850-1116772492-1716371393-1000UA.job
- c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 15:32]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 22:44]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 22:44]
.
2012-07-13 c:\windows\Tasks\HPCeeScheduleForFamily.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-07-17 c:\windows\Tasks\Norton Security Scan for Family.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-19 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 167.206.245.129 167.206.245.130
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-oovootoolbar - c:\program files (x86)\oovootoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-17 17:46:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 21:46
ComboFix2.txt 2012-07-17 14:03
.
Pre-Run: 222,848,540,672 bytes free
Post-Run: 222,522,843,136 bytes free
.
- - End Of File - - 41BA4EE082B8006DE7D67AA9AFA14F16

Conspire · 17-Jul-2012, 11:22 PM **#12**

Please follow all previous instructions regarding security programs.

Open a new Notepad session

Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:

File::
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

In the notepad

Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

===================================================

On your next reply please post :
Combofix log
How is it running now? Any redirects reoccurring?

Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

mjplus7 · 18-Jul-2012, 10:33 AM **#13**

It seems to be running good...no redirects so far and no constant threat detection from avast. Thank you.

ComboFix 12-07-18.01 - Family 07/18/2012 9:33.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1768 [GMT -4:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Family\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 13:44 . 2012-07-18 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 13:44 . 2012-07-18 13:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-17 12:56 . 2012-07-17 12:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-17 02:01 . 2012-07-17 02:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\trz695E.tmp
2012-07-17 02:01 . 2012-07-17 02:01 113664 ----a-w- c:\programdata\Microsoft\Windows\DRM\6486.tmp.dat
2012-07-15 15:29 . 2012-07-15 15:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 15:29 . 2012-07-15 15:29 -------- d-----w- c:\windows\system32\Macromed
2012-07-13 16:21 . 2012-07-13 16:21 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\users\Family\AppData\Roaming\canon
2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-07-13 07:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 18:10 . 2012-07-15 21:29 -------- d-----w- c:\users\Family\AppData\Local\Norton
2012-07-11 19:28 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:28 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 19:28 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 19:28 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 19:28 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 19:28 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 19:28 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 19:28 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 19:28 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 19:28 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 19:28 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 19:28 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 19:28 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-08 06:09 . 2012-07-08 06:09 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-08 05:31 . 2012-07-11 21:38 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-08 05:29 . 2012-07-08 06:09 -------- d-----w- c:\programdata\PC Tools
2012-07-08 05:29 . 2012-07-08 05:29 -------- d-----w- c:\users\Family\AppData\Roaming\TestApp
2012-06-22 00:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 00:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 00:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 00:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 00:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 00:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 00:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 00:22 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 00:22 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 06:40 . 2012-07-17 21:13 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E65F7090-AD1E-4A8E-B777-6A1AAC9ACB49}\mpengine.dll
2012-07-15 15:40 . 2011-05-16 14:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 16:25 . 2010-02-27 18:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-12 20:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 20:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 20:34 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 20:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 20:35 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 20:35 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 20:35 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 20:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 20:33 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 20:33 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:33 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 20:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-17_13.55.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-17 13:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-18 13:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-17 13:13 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-18 13:24 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-08-17 18:30 . 2012-07-18 13:47 57252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-18 13:47 61090 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-03 03:24 . 2012-07-18 13:47 20068 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2821294850-1116772492-1716371393-1000_UserData.bin
+ 2012-07-18 13:45 . 2012-07-18 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 13:54 . 2012-07-17 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-18 13:45 . 2012-07-18 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-17 13:54 . 2012-07-17 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-18 13:24 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-17 13:13 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2010-01-04 14:45 . 2012-07-18 02:37 268006 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-17 13:18 628554 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-18 02:51 628554 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-18 02:51 108700 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-17 13:18 108700 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-18 13:44 344208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-17 13:53 344208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-08-17 22:02 . 2012-07-18 13:44 1092864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-12-07 09:31 . 2012-07-13 21:03 2049676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821294850-1116772492-1716371393-1000-8192.dat
+ 2010-12-07 09:31 . 2012-07-17 21:36 2049676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821294850-1116772492-1716371393-1000-8192.dat
+ 2011-06-10 17:02 . 2012-07-18 13:44 55804300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821294850-1116772492-1716371393-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-18 39408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-05-14 307768]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-11-05 394616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Facebook Update"="c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\syst em]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe [2012-04-30 549744]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-01-24 109064]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-05-13 139264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 15:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 15:40]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821294850-1116772492-1716371393-1000Core.job
- c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 15:32]
.
2012-07-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2821294850-1116772492-1716371393-1000UA.job
- c:\users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 15:32]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 22:44]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 22:44]
.
2012-07-13 c:\windows\Tasks\HPCeeScheduleForFamily.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
2012-07-17 c:\windows\Tasks\Norton Security Scan for Family.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-19 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 167.206.245.129 167.206.245.130
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-18 09:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-18 13:54
ComboFix2.txt 2012-07-17 21:46
ComboFix3.txt 2012-07-17 14:03
.
Pre-Run: 222,519,431,168 bytes free
Post-Run: 222,325,186,560 bytes free
.
- - End Of File - - 9811F7381C92CE474B52EC4BE3113580

Conspire · 18-Jul-2012, 11:21 AM **#14**

Very good. Let's check for remnants.

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
Push the Back button.
Select Uninstall application on close check box and push

===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
At the end, be sure a checkmark is placed next to:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

On your next reply please post :
ESET log
MBAM log

Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

mjplus7 · 20-Jul-2012, 10:53 AM **#15**

We are back to square one. The avast is now popping up with threat detects, and the google redirects are back. I had trouble downloading the scans in your last response. I needed to reply from another computer. I am now getting inappropriate redirects. Thank you.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Solved: Avast keeps detecting threats, google redirects

Find the solution to your computer problem!

Find the solution to your
computer problem!