Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

PC randomly shuts down

6K views 22 replies 2 participants last post by  eddie5659 
#1 ·
If I play games that take up the full screen or watch videos that my PC will shutdown withing 5-15 minutes. When I turn it back on it starts making a beeping noise for about 20 seconds then reboots.

CyberpowerPC Gamer Infinity 3315 Desktop PC Core 2 Quad Q8200(2.33GHz) 4GB DDR2 500GB HDD Capacity NVIDIA GeForce GT 220 Windows 7 Home Premium 64-Bit

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:27:37 PM, on 1/22/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Users\user\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\user\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Voobys\Voobys.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Users\user\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/421
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\Zemi Interactive\4Story_US\PrePatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\XviD\CheckUpdate.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: Voobys!.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...000&si=&a=kQHEdN1M80MDz6WQhMXpyg&n=2010070305
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15577 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by user at 15:23:21 on 2012-01-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4092.2357 [GMT -5:00]
.
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\user\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\user\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Voobys\Voobys.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Users\user\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\system32\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/421
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [AdobeBridge]
uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun
uRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
uRun: [Xvid] C:\Program Files (x86)\XviD\CheckUpdate.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [4StoryPrePatch] C:\Program Files (x86)\Zemi Interactive\4Story_US\PrePatch.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Voobys!.lnk - C:\Users\user\AppData\Roaming\Microsoft\Installer\{24EF2EDA-1224-4D3C-9C67-B45AF0C1D056}\_E81200C3A88A51B823FC48.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolba...000&si=&a=kQHEdN1M80MDz6WQhMXpyg&n=2010070305
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{4D3948F2-4C59-4A78-9B28-3E7278201FB8} : DhcpNameServer = 167.206.254.2 167.206.254.1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
BHO-X64: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO-X64: MyWebSearch Search Assistant BHO - No File
BHO-X64: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO-X64: mwsBar BHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO-X64: AIM Toolbar Loader - No File
BHO-X64: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB-X64: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
mRun-x64: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun-x64: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [4StoryPrePatch] C:\Program Files (x86)\Zemi Interactive\4Story_US\PrePatch.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys --> C:\Windows\system32\DRIVERS\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys --> C:\Windows\system32\DRIVERS\aswMonFlt.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-7-3 28762]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-15 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-12-25 138680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-12-25 254040]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-12-25 352920]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2012-01-21 10:50:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DB0BE0B-59E1-4C86-8B21-916A5CC2961D}\offreg.dll
2012-01-20 10:55:24 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DB0BE0B-59E1-4C86-8B21-916A5CC2961D}\mpengine.dll
2012-01-20 00:19:16 -------- d-----w- C:\Program Files (x86)\WinDS PRO
2012-01-15 00:48:35 -------- d-----w- C:\Users\user\AppData\Roaming\.minecraft server
2012-01-15 00:48:35 -------- d-----w- C:\Users\user\AppData\Roaming\.minecraft
2012-01-11 05:12:46 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 05:12:46 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 05:12:45 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 05:12:45 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 05:12:42 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 05:12:42 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 05:12:41 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 05:12:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-03 19:38:34 -------- d-----w- C:\ProgramData\boost_interprocess
2011-12-24 20:03:13 -------- d-----w- C:\Program Files (x86)\Windows Searchqu Toolbar
2011-12-24 20:03:12 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
2011-12-24 20:03:12 200704 ----a-w- C:\Windows\SysWow64\vbalExpBar6.ocx
2011-12-24 20:03:12 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL
2011-12-24 20:03:12 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
2011-12-24 20:03:12 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
2011-12-24 20:03:12 -------- d-----w- C:\Program Files (x86)\SearchCore for Browsers
2011-12-24 20:03:11 484352 ----a-w- C:\Windows\SysWow64\lame_enc.dll
2011-12-24 20:03:11 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
2011-12-24 20:03:11 -------- d-----w- C:\Users\user\AppData\Roaming\FreeBurner
2011-12-24 20:03:11 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner
2011-12-24 19:51:47 -------- d-----w- C:\Program Files (x86)\SweetIM
2011-12-24 19:51:46 -------- d-----w- C:\ProgramData\SweetIM
2011-12-24 19:51:31 -------- d-----w- C:\Program Files (x86)\Burn4Free
.
==================== Find3M ====================
.
2012-01-14 19:18:29 900 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-01-03 03:55:41 1682 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-12-06 19:56:02 652 ---ha-w- C:\os604495.bin
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-10 10:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 15:25:36.24 ===============

Sorry if I'm missing something
 

Attachments

See less See more
#5 ·
Hiya and welcome to Tech Support Guy :)

P2P Warning!

  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrent

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

----------------------------
Now that's out of the way, lets get started :)

Can you go to AddRemove Programs, and uninstall the following:

MyWebSearch
Ask.com
ConduitEngine
BitTorrentBar
Searchqu Toolbar
DealPly
Somoto Toolbar


Then, can you run the following programs:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

Download and scan with SUPERAntiSpyware Free Edition for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click Scan your computer.
  • On the left, select all fixed drives.
  • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click View Scan Logs.
      [*]Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      [*]If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      [*]Please copy and paste the Scan Log results in your next reply.
    [*]Click Close to exit the program.


Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

eddie
 
#6 ·
Alright, when I tried to do the scan for SUPERAntiSpyware my computer shut down and did the same thing.

Then for some reason when I tried to do a second scan for Hijack this I got this error:



I tried doing what it said to an extent but it basically says something doesn't exist

And here's the Malwarebytes scan:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

Protection: Enabled

1/29/2012 12:09:36 PM
mbam-log-2012-01-29 (12-09-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489174
Time elapsed: 1 hour(s), 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Detected: 16
C:\Users\Guest\AppData\Local\My Web Search Installer(0f925e08).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Local\My Web Search Installer(131c3833).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Local\Temp\CE6B.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Local\Temp\D3F8.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Xenocode\Sandbox\Gygan\0.6.5.5\2010.09.29T02.46\Native\STUBEXE\8.0.1112\@APPDATALOCAL@\Google\Chrome\Application\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Xenocode\Sandbox\Gygan\0.6.5.5\2010.09.29T02.46\Native\STUBEXE\8.0.1112\@SYSTEM@\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Xenocode\Sandbox\Gygan\0.6.5.5\2010.09.29T02.46\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\Gygan BETA\Gygan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Xenocode\Sandbox\WinRAR\2010.09.24T19.02\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\Gygan BETA\unrar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\LocalLow\MyWebSearch\bar\setups\mwsautSp.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\time.exe (Worm.VBNA) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Guest\Desktop\Privacy Protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.

(end)
 
#7 ·
Okay, lets see if its a rootkit causing the problems:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


---------------------

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


  • Click the Start Scan button.


  • If a suspicious object is detected, the default action will be Skip, click on Continue.


  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.


  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply

------

eddie
 
#8 ·
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 20:44:59
-----------------------------
20:44:59.888 OS Version: Windows x64 6.1.7600
20:44:59.888 Number of processors: 4 586 0x170A
20:44:59.888 ComputerName: USER-PC UserName: user
20:45:01.198 Initialize success
20:45:07.468 AVAST engine defs: 12013000
20:45:10.618 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:45:10.618 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
20:45:10.638 Disk 0 MBR read successfully
20:45:10.638 Disk 0 MBR scan
20:45:10.648 Disk 0 Windows 7 default MBR code
20:45:10.658 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:45:10.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:45:10.678 Service scanning
20:45:11.738 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:45:12.298 Modules scanning
20:45:12.298 Disk 0 trace - called modules:
20:45:12.318 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003cba2c0]<<spex.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
20:45:12.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dd8060]
20:45:12.318 3 CLASSPNP.SYS[fffff880013c643f] -> nt!IofCallDriver -> [0xfffffa8004b562d0]
20:45:12.328 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8004b58060]
20:45:12.338 \Driver\atapi[0xfffffa8004afa060] -> IRP_MJ_CREATE -> 0xfffffa8003cba2c0
20:45:13.898 AVAST engine scan C:\Windows
20:45:15.698 AVAST engine scan C:\Windows\system32
20:47:35.784 AVAST engine scan C:\Windows\system32\drivers
20:47:45.004 AVAST engine scan C:\Users\user
20:48:56.864 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
20:48:56.894 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 20:50:21
-----------------------------
20:50:21.665 OS Version: Windows x64 6.1.7600
20:50:21.665 Number of processors: 4 586 0x170A
20:50:21.665 ComputerName: USER-PC UserName: user
20:50:23.075 Initialize success
20:50:26.625 AVAST engine defs: 12013000
20:50:27.965 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:50:27.975 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
20:50:27.985 Disk 0 MBR read successfully
20:50:27.985 Disk 0 MBR scan
20:50:27.995 Disk 0 Windows 7 default MBR code
20:50:27.995 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:50:28.005 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:50:28.015 Service scanning
20:50:30.715 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:50:31.705 Modules scanning
20:50:31.705 Disk 0 trace - called modules:
20:50:31.725 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003cba2c0]<<spex.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
20:50:31.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dd8060]
20:50:31.735 3 CLASSPNP.SYS[fffff880013c643f] -> nt!IofCallDriver -> [0xfffffa8004b562d0]
20:50:31.745 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8004b58060]
20:50:31.745 \Driver\atapi[0xfffffa8004afa060] -> IRP_MJ_CREATE -> 0xfffffa8003cba2c0
20:50:33.095 AVAST engine scan C:\Windows
20:50:37.865 AVAST engine scan C:\Windows\system32
20:53:04.915 AVAST engine scan C:\Windows\system32\drivers
20:53:15.305 AVAST engine scan C:\Users\user
21:08:18.786 AVAST engine scan C:\ProgramData
21:17:31.609 Scan finished successfully
02:47:37.677 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
02:47:37.697 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

20:38:14.0924 2336 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
20:38:15.0424 2336 ============================================================
20:38:15.0424 2336 Current date / time: 2012/01/30 20:38:15.0424
20:38:15.0424 2336 SystemInfo:
20:38:15.0424 2336
20:38:15.0424 2336 OS Version: 6.1.7600 ServicePack: 0.0
20:38:15.0424 2336 Product type: Workstation
20:38:15.0424 2336 ComputerName: USER-PC
20:38:15.0424 2336 UserName: user
20:38:15.0424 2336 Windows directory: C:\Windows
20:38:15.0424 2336 System windows directory: C:\Windows
20:38:15.0424 2336 Running under WOW64
20:38:15.0424 2336 Processor architecture: Intel x64
20:38:15.0424 2336 Number of processors: 4
20:38:15.0424 2336 Page size: 0x1000
20:38:15.0424 2336 Boot type: Normal boot
20:38:15.0424 2336 ============================================================
20:38:18.0409 2336 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:38:18.0423 2336 \Device\Harddisk0\DR0:
20:38:18.0424 2336 MBR used
20:38:18.0424 2336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:38:18.0424 2336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:38:18.0441 2336 Initialize success
20:38:18.0441 2336 ============================================================
20:38:59.0389 4284 ============================================================
20:38:59.0389 4284 Scan started
20:38:59.0389 4284 Mode: Manual; SigCheck; TDLFS;
20:38:59.0389 4284 ============================================================
20:39:01.0059 4284 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:39:01.0289 4284 1394ohci - ok
20:39:01.0369 4284 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:39:01.0419 4284 ACPI - ok
20:39:01.0439 4284 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:39:01.0549 4284 AcpiPmi - ok
20:39:01.0679 4284 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
20:39:01.0809 4284 adfs - ok
20:39:01.0879 4284 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:39:01.0929 4284 adp94xx - ok
20:39:01.0969 4284 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:39:02.0009 4284 adpahci - ok
20:39:02.0139 4284 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:39:02.0179 4284 adpu320 - ok
20:39:02.0239 4284 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
20:39:02.0349 4284 AFD - ok
20:39:02.0459 4284 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:39:02.0489 4284 agp440 - ok
20:39:02.0519 4284 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:39:02.0549 4284 aliide - ok
20:39:02.0599 4284 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:39:02.0629 4284 amdide - ok
20:39:02.0659 4284 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:39:02.0729 4284 AmdK8 - ok
20:39:02.0809 4284 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:39:02.0879 4284 AmdPPM - ok
20:39:02.0939 4284 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:39:02.0979 4284 amdsata - ok
20:39:03.0009 4284 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:39:03.0039 4284 amdsbs - ok
20:39:03.0069 4284 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:39:03.0099 4284 amdxata - ok
20:39:03.0239 4284 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:39:03.0359 4284 AppID - ok
20:39:03.0419 4284 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:39:03.0449 4284 arc - ok
20:39:03.0539 4284 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:39:03.0569 4284 arcsas - ok
20:39:03.0629 4284 aswFsBlk (5bab6d80435f9dff95a7e86c69110b32) C:\Windows\system32\DRIVERS\aswFsBlk.sys
20:39:03.0649 4284 aswFsBlk - ok
20:39:03.0669 4284 aswMonFlt (6067ec1c153f07a9e8e76b45df4d9f8d) C:\Windows\system32\DRIVERS\aswMonFlt.sys
20:39:03.0689 4284 aswMonFlt - ok
20:39:03.0709 4284 aswRdr (e4928b11d24fc5490c92ed74ecd922d0) C:\Windows\system32\drivers\aswRdr.sys
20:39:03.0729 4284 aswRdr - ok
20:39:03.0749 4284 aswSP (c6c9a87dd1ba5815082cd900ebe0bfb1) C:\Windows\system32\drivers\aswSP.sys
20:39:03.0769 4284 aswSP - ok
20:39:03.0789 4284 aswTdi (d6cd3f4c869adf746c87b7188743664f) C:\Windows\system32\drivers\aswTdi.sys
20:39:03.0809 4284 aswTdi - ok
20:39:03.0889 4284 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:39:04.0089 4284 AsyncMac - ok
20:39:04.0159 4284 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:39:04.0189 4284 atapi - ok
20:39:04.0269 4284 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:39:04.0369 4284 b06bdrv - ok
20:39:04.0449 4284 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:39:04.0519 4284 b57nd60a - ok
20:39:04.0609 4284 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:39:04.0729 4284 Beep - ok
20:39:04.0829 4284 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:39:04.0889 4284 blbdrive - ok
20:39:05.0139 4284 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:39:05.0239 4284 bowser - ok
20:39:05.0329 4284 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:39:05.0389 4284 BrFiltLo - ok
20:39:05.0429 4284 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:39:05.0479 4284 BrFiltUp - ok
20:39:05.0519 4284 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:39:05.0609 4284 Brserid - ok
20:39:05.0649 4284 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:39:05.0729 4284 BrSerWdm - ok
20:39:05.0819 4284 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:39:05.0889 4284 BrUsbMdm - ok
20:39:05.0929 4284 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:39:05.0989 4284 BrUsbSer - ok
20:39:06.0029 4284 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:39:06.0109 4284 BTHMODEM - ok
20:39:06.0239 4284 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:39:06.0359 4284 cdfs - ok
20:39:06.0399 4284 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:39:06.0459 4284 cdrom - ok
20:39:06.0609 4284 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:39:06.0689 4284 circlass - ok
20:39:06.0749 4284 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:39:06.0789 4284 CLFS - ok
20:39:06.0899 4284 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:39:06.0959 4284 CmBatt - ok
20:39:06.0989 4284 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:39:07.0029 4284 cmdide - ok
20:39:07.0059 4284 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
20:39:07.0119 4284 CNG - ok
20:39:07.0139 4284 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:39:07.0169 4284 Compbatt - ok
20:39:07.0199 4284 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:39:07.0269 4284 CompositeBus - ok
20:39:07.0369 4284 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:39:07.0399 4284 crcdisk - ok
20:39:07.0479 4284 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:39:07.0559 4284 DfsC - ok
20:39:07.0599 4284 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:39:07.0769 4284 discache - ok
20:39:07.0839 4284 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:39:07.0879 4284 Disk - ok
20:39:07.0959 4284 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:39:08.0019 4284 drmkaud - ok
20:39:08.0059 4284 dump_wmimmc - ok
20:39:08.0189 4284 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:08.0249 4284 DXGKrnl - ok
20:39:08.0309 4284 EagleX64 - ok
20:39:08.0459 4284 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:39:08.0589 4284 ebdrv - ok
20:39:08.0719 4284 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:39:08.0769 4284 elxstor - ok
20:39:08.0789 4284 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:39:08.0859 4284 ErrDev - ok
20:39:08.0939 4284 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:39:09.0069 4284 exfat - ok
20:39:09.0239 4284 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:39:09.0339 4284 fastfat - ok
20:39:09.0419 4284 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:39:09.0489 4284 fdc - ok
20:39:09.0639 4284 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:39:09.0669 4284 FileInfo - ok
20:39:09.0729 4284 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:39:09.0859 4284 Filetrace - ok
20:39:09.0899 4284 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:09.0959 4284 flpydisk - ok
20:39:10.0019 4284 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:39:10.0059 4284 FltMgr - ok
20:39:10.0109 4284 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:39:10.0149 4284 FsDepends - ok
20:39:10.0189 4284 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:10.0219 4284 Fs_Rec - ok
20:39:10.0299 4284 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:39:10.0339 4284 fvevol - ok
20:39:10.0399 4284 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:39:10.0429 4284 gagp30kx - ok
20:39:10.0519 4284 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:39:10.0539 4284 GEARAspiWDM - ok
20:39:10.0829 4284 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:39:10.0859 4284 hamachi - ok
20:39:10.0909 4284 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:39:10.0999 4284 hcw85cir - ok
20:39:11.0089 4284 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:39:11.0169 4284 HdAudAddService - ok
20:39:11.0229 4284 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:39:11.0299 4284 HDAudBus - ok
20:39:11.0409 4284 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:39:11.0469 4284 HidBatt - ok
20:39:11.0509 4284 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:39:11.0589 4284 HidBth - ok
20:39:11.0629 4284 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:39:11.0679 4284 HidIr - ok
20:39:11.0769 4284 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:39:11.0799 4284 HidUsb - ok
20:39:11.0869 4284 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:39:11.0909 4284 HpSAMD - ok
20:39:11.0949 4284 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:39:12.0089 4284 HTTP - ok
20:39:12.0139 4284 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:39:12.0169 4284 hwpolicy - ok
20:39:12.0289 4284 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:39:12.0329 4284 i8042prt - ok
20:39:12.0499 4284 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:39:12.0539 4284 iaStorV - ok
20:39:12.0679 4284 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:39:12.0709 4284 iirsp - ok
20:39:12.0829 4284 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
20:39:12.0919 4284 IntcAzAudAddService - ok
20:39:12.0979 4284 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:39:13.0009 4284 intelide - ok
20:39:13.0059 4284 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:39:13.0129 4284 intelppm - ok
20:39:13.0169 4284 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:13.0299 4284 IpFilterDriver - ok
20:39:13.0359 4284 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:39:13.0439 4284 IPMIDRV - ok
20:39:13.0499 4284 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:39:13.0629 4284 IPNAT - ok
20:39:13.0749 4284 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:39:13.0799 4284 IRENUM - ok
20:39:13.0829 4284 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:39:13.0859 4284 isapnp - ok
20:39:13.0899 4284 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:39:13.0939 4284 iScsiPrt - ok
20:39:13.0969 4284 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:39:13.0999 4284 kbdclass - ok
20:39:14.0109 4284 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:39:14.0189 4284 kbdhid - ok
20:39:14.0229 4284 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
20:39:14.0259 4284 KSecDD - ok
20:39:14.0309 4284 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
20:39:14.0339 4284 KSecPkg - ok
20:39:14.0399 4284 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:39:14.0519 4284 ksthunk - ok
20:39:14.0629 4284 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:14.0749 4284 lltdio - ok
20:39:14.0859 4284 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
20:39:14.0879 4284 LMIInfo - ok
20:39:15.0109 4284 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
20:39:15.0139 4284 lmimirr - ok
20:39:15.0199 4284 LMIRfsClientNP - ok
20:39:15.0229 4284 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
20:39:15.0259 4284 LMIRfsDriver - ok
20:39:15.0369 4284 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:39:15.0409 4284 LSI_FC - ok
20:39:15.0439 4284 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:39:15.0489 4284 LSI_SAS - ok
20:39:15.0519 4284 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:39:15.0549 4284 LSI_SAS2 - ok
20:39:15.0599 4284 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:39:15.0629 4284 LSI_SCSI - ok
20:39:15.0659 4284 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:39:15.0779 4284 luafv - ok
20:39:15.0999 4284 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:39:16.0019 4284 MBAMProtector - ok
20:39:16.0069 4284 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:39:16.0149 4284 megasas - ok
20:39:16.0199 4284 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:39:16.0239 4284 MegaSR - ok
20:39:16.0299 4284 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:39:16.0439 4284 Modem - ok
20:39:16.0549 4284 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:39:16.0639 4284 monitor - ok
20:39:16.0699 4284 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:39:16.0729 4284 mouclass - ok
20:39:16.0759 4284 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:39:16.0819 4284 mouhid - ok
20:39:16.0879 4284 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:39:16.0909 4284 mountmgr - ok
20:39:16.0959 4284 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:39:16.0989 4284 mpio - ok
20:39:17.0009 4284 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:39:17.0149 4284 mpsdrv - ok
20:39:17.0309 4284 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:39:17.0389 4284 MRxDAV - ok
20:39:17.0529 4284 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:17.0639 4284 mrxsmb - ok
20:39:17.0709 4284 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:17.0769 4284 mrxsmb10 - ok
20:39:17.0809 4284 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:17.0889 4284 mrxsmb20 - ok
20:39:18.0039 4284 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:39:18.0069 4284 msahci - ok
20:39:18.0169 4284 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:39:18.0199 4284 msdsm - ok
20:39:18.0239 4284 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:39:18.0339 4284 Msfs - ok
20:39:18.0369 4284 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:39:18.0489 4284 mshidkmdf - ok
20:39:18.0599 4284 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:39:18.0629 4284 msisadrv - ok
20:39:18.0679 4284 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:39:18.0799 4284 MSKSSRV - ok
20:39:18.0829 4284 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:39:18.0949 4284 MSPCLOCK - ok
20:39:19.0019 4284 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:39:19.0169 4284 MSPQM - ok
20:39:19.0209 4284 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:39:19.0249 4284 MsRPC - ok
20:39:19.0279 4284 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:39:19.0309 4284 mssmbios - ok
20:39:19.0339 4284 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:39:19.0459 4284 MSTEE - ok
20:39:19.0639 4284 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:39:19.0709 4284 MTConfig - ok
20:39:19.0759 4284 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:39:19.0799 4284 Mup - ok
20:39:19.0869 4284 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:39:19.0949 4284 NativeWifiP - ok
20:39:20.0029 4284 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:39:20.0099 4284 NDIS - ok
20:39:20.0139 4284 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:39:20.0239 4284 NdisCap - ok
20:39:20.0319 4284 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:20.0439 4284 NdisTapi - ok
20:39:20.0549 4284 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:20.0689 4284 Ndisuio - ok
20:39:20.0899 4284 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:21.0029 4284 NdisWan - ok
20:39:21.0069 4284 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:39:21.0179 4284 NDProxy - ok
20:39:21.0249 4284 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:39:21.0349 4284 NetBIOS - ok
20:39:21.0469 4284 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:39:21.0599 4284 NetBT - ok
20:39:21.0689 4284 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:39:21.0719 4284 nfrd960 - ok
20:39:21.0799 4284 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:39:21.0919 4284 Npfs - ok
20:39:21.0939 4284 NPPTNT2 - ok
20:39:21.0969 4284 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:39:22.0089 4284 nsiproxy - ok
20:39:22.0189 4284 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:39:22.0289 4284 Ntfs - ok
20:39:22.0359 4284 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:39:22.0449 4284 Null - ok
20:39:22.0489 4284 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:39:22.0569 4284 NVENETFD - ok
20:39:22.0679 4284 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
20:39:22.0709 4284 NVHDA - ok
20:39:23.0159 4284 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:39:23.0669 4284 nvlddmkm - ok
20:39:23.0749 4284 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:39:23.0779 4284 nvraid - ok
20:39:23.0809 4284 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:39:23.0849 4284 nvstor - ok
20:39:23.0899 4284 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:39:23.0939 4284 nv_agp - ok
20:39:23.0969 4284 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:39:24.0029 4284 ohci1394 - ok
20:39:24.0129 4284 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:39:24.0169 4284 Parport - ok
20:39:24.0189 4284 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:39:24.0229 4284 partmgr - ok
20:39:24.0289 4284 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:39:24.0349 4284 pci - ok
20:39:24.0459 4284 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:39:24.0509 4284 pciide - ok
20:39:24.0529 4284 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:39:24.0569 4284 pcmcia - ok
20:39:24.0609 4284 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:39:24.0639 4284 pcw - ok
20:39:24.0699 4284 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:39:24.0839 4284 PEAUTH - ok
20:39:25.0069 4284 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:39:25.0189 4284 PptpMiniport - ok
20:39:25.0219 4284 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:39:25.0279 4284 Processor - ok
20:39:25.0389 4284 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:39:25.0509 4284 Psched - ok
20:39:25.0619 4284 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:39:25.0719 4284 ql2300 - ok
20:39:25.0759 4284 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:39:25.0809 4284 ql40xx - ok
20:39:25.0989 4284 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:39:26.0059 4284 QWAVEdrv - ok
20:39:26.0119 4284 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:26.0249 4284 RasAcd - ok
20:39:26.0339 4284 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:26.0469 4284 RasAgileVpn - ok
20:39:26.0499 4284 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:26.0619 4284 Rasl2tp - ok
20:39:26.0679 4284 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:26.0809 4284 RasPppoe - ok
20:39:26.0919 4284 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:27.0039 4284 RasSstp - ok
20:39:27.0249 4284 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:27.0369 4284 rdbss - ok
20:39:27.0439 4284 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:39:27.0499 4284 rdpbus - ok
20:39:27.0559 4284 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:27.0719 4284 RDPCDD - ok
20:39:27.0869 4284 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:39:27.0989 4284 RDPENCDD - ok
20:39:28.0019 4284 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:39:28.0109 4284 RDPREFMP - ok
20:39:28.0139 4284 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:39:28.0269 4284 RDPWD - ok
20:39:28.0349 4284 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:39:28.0389 4284 rdyboost - ok
20:39:28.0449 4284 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:39:28.0569 4284 rspndr - ok
20:39:28.0639 4284 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:39:28.0679 4284 RTL8167 - ok
20:39:28.0739 4284 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:39:28.0759 4284 SASDIFSV - ok
20:39:28.0789 4284 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:39:28.0809 4284 SASKUTIL - ok
20:39:28.0869 4284 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:39:28.0909 4284 sbp2port - ok
20:39:28.0929 4284 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:39:29.0049 4284 scfilter - ok
20:39:29.0109 4284 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:39:29.0219 4284 secdrv - ok
20:39:29.0339 4284 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:39:29.0399 4284 Serenum - ok
20:39:29.0439 4284 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:39:29.0499 4284 Serial - ok
20:39:29.0529 4284 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:39:29.0599 4284 sermouse - ok
20:39:29.0649 4284 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:39:29.0729 4284 sffdisk - ok
20:39:29.0999 4284 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:39:30.0059 4284 sffp_mmc - ok
20:39:30.0099 4284 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:39:30.0169 4284 sffp_sd - ok
20:39:30.0209 4284 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:39:30.0249 4284 sfloppy - ok
20:39:30.0299 4284 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:39:30.0329 4284 SiSRaid2 - ok
20:39:30.0409 4284 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:39:30.0439 4284 SiSRaid4 - ok
20:39:30.0479 4284 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:39:30.0569 4284 Smb - ok
20:39:30.0639 4284 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:39:30.0669 4284 spldr - ok
20:39:30.0819 4284 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
20:39:30.0819 4284 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
20:39:30.0829 4284 sptd ( LockedFile.Multi.Generic ) - warning
20:39:30.0829 4284 sptd - detected LockedFile.Multi.Generic (1)
20:39:30.0869 4284 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:39:30.0969 4284 srv - ok
20:39:31.0059 4284 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:39:31.0129 4284 srv2 - ok
20:39:31.0179 4284 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:39:31.0249 4284 srvnet - ok
20:39:31.0369 4284 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:39:31.0399 4284 ssadbus - ok
20:39:31.0469 4284 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:39:31.0499 4284 stexstor - ok
20:39:31.0639 4284 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:39:31.0669 4284 swenum - ok
20:39:31.0919 4284 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
20:39:31.0949 4284 taphss - ok
20:39:32.0079 4284 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:39:32.0199 4284 Tcpip - ok
20:39:32.0419 4284 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:39:32.0519 4284 TCPIP6 - ok
20:39:32.0659 4284 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:39:32.0759 4284 tcpipreg - ok
20:39:32.0789 4284 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:39:32.0919 4284 TDPIPE - ok
20:39:32.0959 4284 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:39:33.0079 4284 TDTCP - ok
20:39:33.0179 4284 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:39:33.0309 4284 tdx - ok
20:39:33.0469 4284 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:39:33.0499 4284 TermDD - ok
20:39:33.0689 4284 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:39:33.0809 4284 tssecsrv - ok
20:39:33.0889 4284 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:39:33.0989 4284 tunnel - ok
20:39:34.0089 4284 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:39:34.0119 4284 uagp35 - ok
20:39:34.0149 4284 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:39:34.0279 4284 udfs - ok
20:39:34.0339 4284 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:39:34.0399 4284 uliagpkx - ok
20:39:34.0429 4284 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:39:34.0489 4284 umbus - ok
20:39:34.0609 4284 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:39:34.0689 4284 UmPass - ok
20:39:34.0829 4284 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
20:39:34.0899 4284 usbaudio - ok
20:39:34.0949 4284 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
20:39:35.0069 4284 usbccgp - ok
20:39:35.0219 4284 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:39:35.0299 4284 usbcir - ok
20:39:35.0349 4284 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
20:39:35.0419 4284 usbehci - ok
20:39:35.0549 4284 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
20:39:35.0639 4284 usbhub - ok
20:39:35.0709 4284 usbio (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
20:39:35.0799 4284 usbio - ok
20:39:35.0859 4284 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
20:39:35.0929 4284 usbohci - ok
20:39:35.0999 4284 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:39:36.0069 4284 usbprint - ok
20:39:36.0109 4284 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:39:36.0189 4284 USBSTOR - ok
20:39:36.0389 4284 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:39:36.0469 4284 usbuhci - ok
20:39:36.0539 4284 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
20:39:36.0589 4284 usb_rndisx - ok
20:39:36.0679 4284 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:39:36.0709 4284 vdrvroot - ok
20:39:36.0749 4284 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:39:36.0789 4284 vga - ok
20:39:36.0809 4284 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:39:36.0929 4284 VgaSave - ok
20:39:36.0979 4284 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:39:37.0019 4284 vhdmp - ok
20:39:37.0109 4284 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:39:37.0139 4284 viaide - ok
20:39:37.0159 4284 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:39:37.0189 4284 volmgr - ok
20:39:37.0229 4284 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:39:37.0269 4284 volmgrx - ok
20:39:37.0299 4284 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:39:37.0339 4284 volsnap - ok
20:39:37.0379 4284 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:39:37.0419 4284 vsmraid - ok
20:39:37.0479 4284 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:39:37.0549 4284 vwifibus - ok
20:39:37.0639 4284 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:39:37.0699 4284 WacomPen - ok
20:39:37.0749 4284 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:37.0869 4284 WANARP - ok
20:39:37.0899 4284 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:37.0989 4284 Wanarpv6 - ok
20:39:38.0109 4284 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:39:38.0139 4284 Wd - ok
20:39:38.0189 4284 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:39:38.0239 4284 Wdf01000 - ok
20:39:38.0309 4284 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:39:38.0409 4284 WfpLwf - ok
20:39:38.0429 4284 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:39:38.0459 4284 WIMMount - ok
20:39:38.0639 4284 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:39:38.0709 4284 WinUsb - ok
20:39:38.0799 4284 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:39:38.0939 4284 WmiAcpi - ok
20:39:39.0029 4284 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:39:39.0159 4284 ws2ifsl - ok
20:39:39.0259 4284 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:39:39.0389 4284 WudfPf - ok
20:39:39.0549 4284 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:39:39.0659 4284 WUDFRd - ok
20:39:39.0759 4284 X6va001 - ok
20:39:39.0829 4284 X6va002 - ok
20:39:39.0869 4284 X6va005 - ok
20:39:39.0909 4284 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:40.0149 4284 \Device\Harddisk0\DR0 - ok
20:39:40.0159 4284 Boot (0x1200) (5056998c04eb4f752cc6a1b9111e71d1) \Device\Harddisk0\DR0\Partition0
20:39:40.0169 4284 \Device\Harddisk0\DR0\Partition0 - ok
20:39:40.0189 4284 Boot (0x1200) (c49579dba4d0aff98866f967d3dd5414) \Device\Harddisk0\DR0\Partition1
20:39:40.0189 4284 \Device\Harddisk0\DR0\Partition1 - ok
20:39:40.0189 4284 ============================================================
20:39:40.0189 4284 Scan finished
20:39:40.0189 4284 ============================================================
20:39:40.0229 3644 Detected object count: 1
20:39:40.0229 3644 Actual detected object count: 1
20:39:55.0129 3644 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:39:55.0129 3644 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:40:26.0749 4208 ============================================================
20:40:26.0749 4208 Scan started
20:40:26.0749 4208 Mode: Manual; SigCheck; TDLFS;
20:40:26.0749 4208 ============================================================
20:40:27.0699 4208 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:40:27.0769 4208 1394ohci - ok
20:40:27.0809 4208 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:40:27.0849 4208 ACPI - ok
20:40:27.0899 4208 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:40:27.0939 4208 AcpiPmi - ok
20:40:27.0999 4208 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
20:40:28.0029 4208 adfs - ok
20:40:28.0059 4208 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:40:28.0099 4208 adp94xx - ok
20:40:28.0129 4208 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:40:28.0169 4208 adpahci - ok
20:40:28.0229 4208 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:40:28.0269 4208 adpu320 - ok
20:40:28.0319 4208 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
20:40:28.0359 4208 AFD - ok
20:40:28.0399 4208 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:40:28.0429 4208 agp440 - ok
20:40:28.0459 4208 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:40:28.0489 4208 aliide - ok
20:40:28.0619 4208 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:40:28.0649 4208 amdide - ok
20:40:28.0699 4208 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:40:28.0729 4208 AmdK8 - ok
20:40:28.0759 4208 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:40:28.0799 4208 AmdPPM - ok
20:40:28.0839 4208 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:40:28.0869 4208 amdsata - ok
20:40:28.0889 4208 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:40:28.0929 4208 amdsbs - ok
20:40:28.0969 4208 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:40:28.0999 4208 amdxata - ok
20:40:29.0039 4208 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:40:29.0089 4208 AppID - ok
20:40:29.0129 4208 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:40:29.0159 4208 arc - ok
20:40:29.0189 4208 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:40:29.0219 4208 arcsas - ok
20:40:29.0269 4208 aswFsBlk (5bab6d80435f9dff95a7e86c69110b32) C:\Windows\system32\DRIVERS\aswFsBlk.sys
20:40:29.0289 4208 aswFsBlk - ok
20:40:29.0349 4208 aswMonFlt (6067ec1c153f07a9e8e76b45df4d9f8d) C:\Windows\system32\DRIVERS\aswMonFlt.sys
20:40:29.0369 4208 aswMonFlt - ok
20:40:29.0389 4208 aswRdr (e4928b11d24fc5490c92ed74ecd922d0) C:\Windows\system32\drivers\aswRdr.sys
20:40:29.0409 4208 aswRdr - ok
20:40:29.0429 4208 aswSP (c6c9a87dd1ba5815082cd900ebe0bfb1) C:\Windows\system32\drivers\aswSP.sys
20:40:29.0459 4208 aswSP - ok
20:40:29.0469 4208 aswTdi (d6cd3f4c869adf746c87b7188743664f) C:\Windows\system32\drivers\aswTdi.sys
20:40:29.0489 4208 aswTdi - ok
20:40:29.0519 4208 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:40:29.0619 4208 AsyncMac - ok
20:40:29.0639 4208 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:40:29.0669 4208 atapi - ok
20:40:29.0739 4208 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:40:29.0789 4208 b06bdrv - ok
20:40:29.0899 4208 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:40:29.0939 4208 b57nd60a - ok
20:40:29.0989 4208 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:40:30.0089 4208 Beep - ok
20:40:30.0179 4208 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:40:30.0229 4208 blbdrive - ok
20:40:30.0269 4208 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:40:30.0309 4208 bowser - ok
20:40:30.0419 4208 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:40:30.0459 4208 BrFiltLo - ok
20:40:30.0489 4208 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:40:30.0529 4208 BrFiltUp - ok
20:40:30.0599 4208 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:40:30.0649 4208 Brserid - ok
20:40:30.0669 4208 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:40:30.0709 4208 BrSerWdm - ok
20:40:30.0759 4208 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:40:30.0799 4208 BrUsbMdm - ok
20:40:30.0819 4208 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:40:30.0849 4208 BrUsbSer - ok
20:40:30.0869 4208 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:40:30.0909 4208 BTHMODEM - ok
20:40:30.0959 4208 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:40:31.0059 4208 cdfs - ok
20:40:31.0089 4208 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:40:31.0129 4208 cdrom - ok
20:40:31.0219 4208 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:40:31.0269 4208 circlass - ok
20:40:31.0319 4208 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:40:31.0359 4208 CLFS - ok
20:40:31.0449 4208 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:40:31.0479 4208 CmBatt - ok
20:40:31.0529 4208 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:40:31.0559 4208 cmdide - ok
20:40:31.0609 4208 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
20:40:31.0669 4208 CNG - ok
20:40:31.0689 4208 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:40:31.0719 4208 Compbatt - ok
20:40:31.0729 4208 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:40:31.0769 4208 CompositeBus - ok
20:40:31.0799 4208 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:40:31.0829 4208 crcdisk - ok
20:40:31.0899 4208 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:40:31.0929 4208 DfsC - ok
20:40:31.0969 4208 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:40:32.0059 4208 discache - ok
20:40:32.0119 4208 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:40:32.0149 4208 Disk - ok
20:40:32.0179 4208 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:40:32.0229 4208 drmkaud - ok
20:40:32.0249 4208 dump_wmimmc - ok
20:40:32.0439 4208 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:40:32.0509 4208 DXGKrnl - ok
20:40:32.0609 4208 EagleX64 - ok
20:40:32.0729 4208 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:40:32.0849 4208 ebdrv - ok
20:40:32.0899 4208 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:40:32.0939 4208 elxstor - ok
20:40:32.0959 4208 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:40:32.0999 4208 ErrDev - ok
20:40:33.0089 4208 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:40:33.0189 4208 exfat - ok
20:40:33.0209 4208 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:40:33.0309 4208 fastfat - ok
20:40:33.0349 4208 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:40:33.0379 4208 fdc - ok
20:40:33.0409 4208 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:40:33.0439 4208 FileInfo - ok
20:40:33.0459 4208 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:40:33.0549 4208 Filetrace - ok
20:40:33.0599 4208 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:40:33.0639 4208 flpydisk - ok
20:40:33.0669 4208 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:40:33.0709 4208 FltMgr - ok
20:40:33.0789 4208 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:40:33.0819 4208 FsDepends - ok
20:40:33.0839 4208 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:40:33.0869 4208 Fs_Rec - ok
20:40:33.0919 4208 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:40:33.0959 4208 fvevol - ok
20:40:33.0979 4208 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:40:34.0009 4208 gagp30kx - ok
20:40:34.0139 4208 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:40:34.0169 4208 GEARAspiWDM - ok
20:40:34.0219 4208 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:40:34.0239 4208 hamachi - ok
20:40:34.0319 4208 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:40:34.0349 4208 hcw85cir - ok
20:40:34.0409 4208 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:40:34.0459 4208 HdAudAddService - ok
20:40:34.0489 4208 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:40:34.0529 4208 HDAudBus - ok
20:40:34.0559 4208 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:40:34.0599 4208 HidBatt - ok
20:40:34.0629 4208 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:40:34.0669 4208 HidBth - ok
20:40:34.0699 4208 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:40:34.0739 4208 HidIr - ok
20:40:34.0799 4208 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:40:34.0829 4208 HidUsb - ok
20:40:34.0899 4208 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:40:34.0929 4208 HpSAMD - ok
20:40:34.0999 4208 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:40:35.0109 4208 HTTP - ok
20:40:35.0119 4208 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:40:35.0159 4208 hwpolicy - ok
20:40:35.0189 4208 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:40:35.0219 4208 i8042prt - ok
20:40:35.0329 4208 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:40:35.0369 4208 iaStorV - ok
20:40:35.0429 4208 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:40:35.0459 4208 iirsp - ok
20:40:35.0549 4208 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
20:40:35.0639 4208 IntcAzAudAddService - ok
20:40:35.0749 4208 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:40:35.0769 4208 intelide - ok
20:40:35.0789 4208 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:40:35.0829 4208 intelppm - ok
20:40:35.0859 4208 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:40:35.0959 4208 IpFilterDriver - ok
20:40:36.0019 4208 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:40:36.0049 4208 IPMIDRV - ok
20:40:36.0079 4208 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:40:36.0179 4208 IPNAT - ok
20:40:36.0239 4208 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:40:36.0289 4208 IRENUM - ok
20:40:36.0339 4208 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:40:36.0359 4208 isapnp - ok
20:40:36.0409 4208 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:40:36.0449 4208 iScsiPrt - ok
20:40:36.0469 4208 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:40:36.0499 4208 kbdclass - ok
20:40:36.0519 4208 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:40:36.0549 4208 kbdhid - ok
20:40:36.0629 4208 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
20:40:36.0659 4208 KSecDD - ok
20:40:36.0699 4208 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
20:40:36.0739 4208 KSecPkg - ok
20:40:36.0799 4208 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:40:36.0889 4208 ksthunk - ok
20:40:36.0929 4208 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:40:37.0019 4208 lltdio - ok
20:40:37.0089 4208 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
20:40:37.0109 4208 LMIInfo - ok
20:40:37.0159 4208 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
20:40:37.0179 4208 lmimirr - ok
20:40:37.0289 4208 LMIRfsClientNP - ok
20:40:37.0349 4208 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
20:40:37.0379 4208 LMIRfsDriver - ok
20:40:37.0459 4208 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:40:37.0489 4208 LSI_FC - ok
20:40:37.0549 4208 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:40:37.0579 4208 LSI_SAS - ok
20:40:37.0629 4208 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:40:37.0659 4208 LSI_SAS2 - ok
20:40:37.0679 4208 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:40:37.0709 4208 LSI_SCSI - ok
20:40:37.0739 4208 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:40:37.0829 4208 luafv - ok
20:40:37.0959 4208 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:40:37.0989 4208 MBAMProtector - ok
20:40:38.0039 4208 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:40:38.0069 4208 megasas - ok
20:40:38.0099 4208 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:40:38.0129 4208 MegaSR - ok
20:40:38.0159 4208 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:40:38.0259 4208 Modem - ok
20:40:38.0319 4208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:40:38.0359 4208 monitor - ok
20:40:38.0389 4208 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:40:38.0419 4208 mouclass - ok
20:40:38.0449 4208 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:40:38.0479 4208 mouhid - ok
20:40:38.0529 4208 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:40:38.0559 4208 mountmgr - ok
20:40:38.0599 4208 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:40:38.0639 4208 mpio - ok
20:40:38.0679 4208 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:40:38.0769 4208 mpsdrv - ok
20:40:38.0809 4208 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:40:38.0859 4208 MRxDAV - ok
20:40:38.0899 4208 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:40:38.0939 4208 mrxsmb - ok
20:40:39.0039 4208 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:40:39.0079 4208 mrxsmb10 - ok
20:40:39.0159 4208 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:40:39.0189 4208 mrxsmb20 - ok
20:40:39.0309 4208 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:40:39.0339 4208 msahci - ok
20:40:39.0369 4208 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:40:39.0399 4208 msdsm - ok
20:40:39.0449 4208 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:40:39.0539 4208 Msfs - ok
20:40:39.0609 4208 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:40:39.0699 4208 mshidkmdf - ok
20:40:39.0719 4208 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:40:39.0749 4208 msisadrv - ok
20:40:39.0779 4208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:40:39.0869 4208 MSKSSRV - ok
20:40:39.0889 4208 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:40:39.0979 4208 MSPCLOCK - ok
20:40:40.0059 4208 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:40:40.0159 4208 MSPQM - ok
20:40:40.0269 4208 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:40:40.0309 4208 MsRPC - ok
20:40:40.0369 4208 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:40:40.0399 4208 mssmbios - ok
20:40:40.0409 4208 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:40:40.0509 4208 MSTEE - ok
20:40:40.0529 4208 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:40:40.0559 4208 MTConfig - ok
20:40:40.0589 4208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:40:40.0619 4208 Mup - ok
20:40:40.0689 4208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:40:40.0739 4208 NativeWifiP - ok
20:40:40.0789 4208 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:40:40.0849 4208 NDIS - ok
20:40:40.0899 4208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:40:40.0989 4208 NdisCap - ok
20:40:41.0009 4208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:40:41.0109 4208 NdisTapi - ok
20:40:41.0129 4208 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:40:41.0229 4208 Ndisuio - ok
20:40:41.0269 4208 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:40:41.0359 4208 NdisWan - ok
20:40:41.0399 4208 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:40:41.0499 4208 NDProxy - ok
20:40:41.0519 4208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:40:41.0609 4208 NetBIOS - ok
20:40:41.0699 4208 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:40:41.0799 4208 NetBT - ok
20:40:41.0959 4208 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:40:41.0989 4208 nfrd960 - ok
20:40:42.0059 4208 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:40:42.0149 4208 Npfs - ok
20:40:42.0169 4208 NPPTNT2 - ok
20:40:42.0209 4208 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:40:42.0299 4208 nsiproxy - ok
20:40:42.0369 4208 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:40:42.0459 4208 Ntfs - ok
20:40:42.0539 4208 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:40:42.0629 4208 Null - ok
20:40:42.0669 4208 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:40:42.0719 4208 NVENETFD - ok
20:40:42.0769 4208 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
20:40:42.0799 4208 NVHDA - ok
20:40:43.0189 4208 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:40:43.0679 4208 nvlddmkm - ok
20:40:43.0789 4208 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:40:43.0819 4208 nvraid - ok
20:40:43.0849 4208 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:40:43.0879 4208 nvstor - ok
20:40:43.0929 4208 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:40:43.0959 4208 nv_agp - ok
20:40:43.0979 4208 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:40:44.0019 4208 ohci1394 - ok
20:40:44.0059 4208 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:40:44.0099 4208 Parport - ok
20:40:44.0119 4208 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:40:44.0159 4208 partmgr - ok
20:40:44.0229 4208 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:40:44.0269 4208 pci - ok
20:40:44.0299 4208 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:40:44.0329 4208 pciide - ok
20:40:44.0379 4208 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:40:44.0419 4208 pcmcia - ok
20:40:44.0469 4208 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:40:44.0499 4208 pcw - ok
20:40:44.0609 4208 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:40:44.0729 4208 PEAUTH - ok
20:40:44.0819 4208 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:40:44.0919 4208 PptpMiniport - ok
20:40:44.0939 4208 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:40:44.0979 4208 Processor - ok
20:40:45.0009 4208 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:40:45.0109 4208 Psched - ok
20:40:45.0169 4208 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:40:45.0259 4208 ql2300 - ok
20:40:45.0369 4208 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:40:45.0399 4208 ql40xx - ok
20:40:45.0429 4208 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:40:45.0479 4208 QWAVEdrv - ok
20:40:45.0509 4208 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:40:45.0609 4208 RasAcd - ok
20:40:45.0639 4208 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:40:45.0729 4208 RasAgileVpn - ok
20:40:45.0769 4208 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:40:45.0859 4208 Rasl2tp - ok
20:40:45.0909 4208 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:40:46.0009 4208 RasPppoe - ok
20:40:46.0049 4208 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:40:46.0149 4208 RasSstp - ok
20:40:46.0169 4208 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:40:46.0269 4208 rdbss - ok
20:40:46.0309 4208 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:40:46.0349 4208 rdpbus - ok
20:40:46.0379 4208 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:40:46.0479 4208 RDPCDD - ok
20:40:46.0499 4208 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:40:46.0589 4208 RDPENCDD - ok
20:40:46.0609 4208 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:40:46.0709 4208 RDPREFMP - ok
20:40:46.0749 4208 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:40:46.0849 4208 RDPWD - ok
20:40:46.0969 4208 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:40:46.0999 4208 rdyboost - ok
20:40:47.0079 4208 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:40:47.0179 4208 rspndr - ok
20:40:47.0209 4208 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:40:47.0249 4208 RTL8167 - ok
20:40:47.0299 4208 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:40:47.0319 4208 SASDIFSV - ok
20:40:47.0339 4208 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:40:47.0359 4208 SASKUTIL - ok
20:40:47.0399 4208 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:40:47.0429 4208 sbp2port - ok
20:40:47.0479 4208 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:40:47.0579 4208 scfilter - ok
20:40:47.0619 4208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:40:47.0719 4208 secdrv - ok
20:40:47.0749 4208 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:40:47.0789 4208 Serenum - ok
20:40:47.0819 4208 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:40:47.0859 4208 Serial - ok
20:40:47.0889 4208 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:40:47.0919 4208 sermouse - ok
20:40:47.0999 4208 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:40:48.0039 4208 sffdisk - ok
20:40:48.0099 4208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:40:48.0139 4208 sffp_mmc - ok
20:40:48.0159 4208 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:40:48.0199 4208 sffp_sd - ok
20:40:48.0219 4208 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:40:48.0259 4208 sfloppy - ok
20:40:48.0299 4208 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:40:48.0329 4208 SiSRaid2 - ok
20:40:48.0349 4208 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:40:48.0379 4208 SiSRaid4 - ok
20:40:48.0409 4208 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:40:48.0499 4208 Smb - ok
20:40:48.0629 4208 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:40:48.0659 4208 spldr - ok
20:40:48.0749 4208 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
20:40:48.0749 4208 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
20:40:48.0749 4208 sptd ( LockedFile.Multi.Generic ) - warning
20:40:48.0749 4208 sptd - detected LockedFile.Multi.Generic (1)
20:40:48.0789 4208 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:40:48.0839 4208 srv - ok
20:40:48.0889 4208 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:40:48.0929 4208 srv2 - ok
20:40:48.0959 4208 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:40:48.0999 4208 srvnet - ok
20:40:49.0089 4208 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:40:49.0119 4208 ssadbus - ok
20:40:49.0169 4208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:40:49.0199 4208 stexstor - ok
20:40:49.0229 4208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:40:49.0259 4208 swenum - ok
20:40:49.0319 4208 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
20:40:49.0349 4208 taphss - ok
20:40:49.0499 4208 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:40:49.0599 4208 Tcpip - ok
20:40:49.0749 4208 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:40:49.0849 4208 TCPIP6 - ok
20:40:49.0909 4208 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:40:49.0999 4208 tcpipreg - ok
20:40:50.0029 4208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:40:50.0129 4208 TDPIPE - ok
20:40:50.0179 4208 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:40:50.0269 4208 TDTCP - ok
20:40:50.0309 4208 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:40:50.0399 4208 tdx - ok
20:40:50.0449 4208 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:40:50.0479 4208 TermDD - ok
20:40:50.0621 4208 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:50.0718 4208 tssecsrv - ok
20:40:50.0761 4208 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:40:50.0858 4208 tunnel - ok
20:40:50.0883 4208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:40:50.0914 4208 uagp35 - ok
20:40:50.0947 4208 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:40:51.0049 4208 udfs - ok
20:40:51.0088 4208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:40:51.0118 4208 uliagpkx - ok
20:40:51.0144 4208 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:40:51.0180 4208 umbus - ok
20:40:51.0231 4208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:40:51.0268 4208 UmPass - ok
20:40:51.0333 4208 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
20:40:51.0378 4208 usbaudio - ok
20:40:51.0421 4208 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:51.0458 4208 usbccgp - ok
20:40:51.0483 4208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:40:51.0529 4208 usbcir - ok
20:40:51.0603 4208 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
20:40:51.0638 4208 usbehci - ok
20:40:51.0681 4208 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
20:40:51.0724 4208 usbhub - ok
20:40:51.0779 4208 usbio (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
20:40:51.0811 4208 usbio - ok
20:40:51.0839 4208 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
20:40:51.0875 4208 usbohci - ok
20:40:51.0908 4208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:40:51.0952 4208 usbprint - ok
20:40:51.0992 4208 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:52.0032 4208 USBSTOR - ok
20:40:52.0067 4208 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:40:52.0105 4208 usbuhci - ok
20:40:52.0171 4208 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
20:40:52.0216 4208 usb_rndisx - ok
20:40:52.0280 4208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:40:52.0309 4208 vdrvroot - ok
20:40:52.0339 4208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:52.0379 4208 vga - ok
20:40:52.0399 4208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:40:52.0499 4208 VgaSave - ok
20:40:52.0529 4208 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:40:52.0559 4208 vhdmp - ok
20:40:52.0599 4208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:40:52.0629 4208 viaide - ok
20:40:52.0649 4208 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:40:52.0679 4208 volmgr - ok
20:40:52.0719 4208 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:40:52.0759 4208 volmgrx - ok
20:40:52.0779 4208 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:40:52.0819 4208 volsnap - ok
20:40:52.0879 4208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:40:52.0919 4208 vsmraid - ok
20:40:52.0939 4208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:40:52.0989 4208 vwifibus - ok
20:40:53.0019 4208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:40:53.0059 4208 WacomPen - ok
20:40:53.0079 4208 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:53.0179 4208 WANARP - ok
20:40:53.0189 4208 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:40:53.0279 4208 Wanarpv6 - ok
20:40:53.0369 4208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:40:53.0399 4208 Wd - ok
20:40:53.0439 4208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:40:53.0499 4208 Wdf01000 - ok
20:40:53.0599 4208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:40:53.0689 4208 WfpLwf - ok
20:40:53.0709 4208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:40:53.0739 4208 WIMMount - ok
20:40:53.0829 4208 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:40:53.0869 4208 WinUsb - ok
20:40:53.0949 4208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:40:53.0979 4208 WmiAcpi - ok
20:40:54.0049 4208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:40:54.0149 4208 ws2ifsl - ok
20:40:54.0199 4208 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:40:54.0289 4208 WudfPf - ok
20:40:54.0359 4208 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:54.0459 4208 WUDFRd - ok
20:40:54.0539 4208 X6va001 - ok
20:40:54.0559 4208 X6va002 - ok
20:40:54.0579 4208 X6va005 - ok
20:40:54.0639 4208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:40:54.0879 4208 \Device\Harddisk0\DR0 - ok
20:40:54.0889 4208 Boot (0x1200) (5056998c04eb4f752cc6a1b9111e71d1) \Device\Harddisk0\DR0\Partition0
20:40:54.0889 4208 \Device\Harddisk0\DR0\Partition0 - ok
20:40:54.0909 4208 Boot (0x1200) (c49579dba4d0aff98866f967d3dd5414) \Device\Harddisk0\DR0\Partition1
20:40:54.0919 4208 \Device\Harddisk0\DR0\Partition1 - ok
20:40:54.0919 4208 ============================================================
20:40:54.0919 4208 Scan finished
20:40:54.0919 4208 ============================================================
20:40:54.0939 5492 Detected object count: 1
20:40:54.0939 5492 Actual detected object count: 1
20:41:02.0969 5492 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:41:02.0969 5492 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
 
#9 ·
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
 
#10 ·
ComboFix 12-01-31.01 - user 02/01/2012 0:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4092.2286 [GMT -5:00]
Running from: c:\users\user\Desktop\username123.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 08:20 . 2012-02-01 08:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79A2E876-C2C2-4331-943A-45D35859BB72}\offreg.dll
2012-02-01 06:04 . 2012-02-01 06:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-01 06:04 . 2012-02-01 06:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-01 06:04 . 2012-02-01 06:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 18:58 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79A2E876-C2C2-4331-943A-45D35859BB72}\mpengine.dll
2012-01-29 23:18 . 2012-01-29 23:18 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-29 23:18 . 2012-01-29 23:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-29 23:00 . 2012-01-29 23:00 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2012-01-29 23:00 . 2012-01-29 23:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-29 23:00 . 2012-01-29 23:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-29 16:24 . 2012-01-29 16:24 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-01-29 16:23 . 2012-01-29 16:23 -------- d-----w- c:\programdata\Malwarebytes
2012-01-29 16:23 . 2012-01-29 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-29 16:23 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-28 21:26 . 2012-02-01 22:55 -------- d-----w- c:\program files (x86)\Steam
2012-01-22 21:51 . 2012-01-22 21:51 -------- d--h--w- c:\programdata\Common Files
2012-01-22 21:51 . 2012-01-22 21:51 -------- d-----w- c:\programdata\MFAData
2012-01-20 00:19 . 2012-01-20 00:19 -------- d-----w- c:\program files (x86)\WinDS PRO
2012-01-11 05:12 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 05:12 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 05:12 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 05:12 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 05:12 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 05:12 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 05:12 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 05:12 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 19:38 . 2012-01-03 19:38 -------- d-----w- c:\programdata\boost_interprocess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 20:54 . 2009-12-25 21:03 1682 --sha-w- c:\programdata\KGyGaAvL.sys
2011-12-07 15:39 . 2009-12-25 18:37 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 05:00 . 2011-12-14 06:45 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 10:54 . 2010-07-24 15:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:26 . 2011-12-14 06:45 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 06:45 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 06:44 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 06:45 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 06:45 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 06:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 06:45 482816 ----a-w- c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 06:45 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 06:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 06:45 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 23:21 1299248 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-03 18:25 194848 ------w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-03-08 3972440]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"Xvid"="c:\program files (x86)\XviD\CheckUpdate.exe" [2011-01-17 8192]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-29 3077528]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-28 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Voobys!.lnk - c:\users\user\AppData\Roaming\Microsoft\Installer\{24EF2EDA-1224-4D3C-9C67-B45AF0C1D056}\_E81200C3A88A51B823FC48.exe [2011-9-9 3774]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 dump_wmimmc;dump_wmimmc;c:\netmarbleglobal\MiniFighter\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\user\AppData\Local\Temp\001583B.tmp [x]
R3 X6va002;X6va002;c:\users\user\AppData\Local\Temp\0027F1.tmp [x]
R3 X6va005;X6va005;c:\users\user\AppData\Local\Temp\005A9CF.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-27 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 22:43]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 22:43]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 18:45]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 18:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-21 7981088]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com/421
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-4StoryPrePatch - c:\program files (x86)\Zemi Interactive\4Story_US\PrePatch.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-10 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BitTorrentBar Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-ESF - c:\users\user\Downloads\Counter-Strike 1.6 + Half-Life\esf\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
AddRemove-Searchqu 421 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\001583B.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\0027F1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\005A9CF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\asw6Noti.exe
c:\program files\Alwil Software\Avast4\asw6Noti.exe
c:\program files\Alwil Software\Avast4\asw6Noti.exe
c:\program files\Alwil Software\Avast4\asw6Noti.exe
c:\program files\Alwil Software\Avast4\asw6Noti.exe
c:\program files (x86)\Voobys\Voobys.exe
c:\program files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-02-01 18:01:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 23:01
.
Pre-Run: 259,690,426,368 bytes free
Post-Run: 259,233,427,456 bytes free
.
- - End Of File - - E9CB906007F360FC5944F4024A582C53
 
#11 ·
Thanks :)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

eddie
 
#12 ·
OTL logfile created on: 2/3/2012 3:07:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 55.43% Memory free
7.99 Gb Paging File | 5.99 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 241.16 Gb Free Space | 51.79% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/03 15:06:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/02/01 01:15:11 | 000,012,312 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\asw6Noti.exe
PRC - [2012/01/29 12:38:27 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\user\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/10/02 06:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011/08/21 03:16:38 | 000,053,248 | ---- | M] (Voobys!) -- C:\Program Files (x86)\Voobys\Voobys.exe
PRC - [2011/08/15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 01:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/29 15:16:26 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/08 16:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/12 13:47:27 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/12 13:47:18 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/12 13:47:15 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011/10/12 13:46:41 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/12 13:46:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/03/08 16:00:11 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2009/12/03 19:17:25 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/31 18:16:09 | 003,342,112 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_e286960.dll -- (Akamai)
SRV - [2012/01/28 16:27:44 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/25 01:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/27 13:54:56 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 13:52:20 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/05/31 10:31:10 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/04/29 15:16:26 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/27 14:57:48 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/29 01:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/25 01:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/27 13:55:24 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/05/31 10:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 10:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/03/26 14:07:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/02/18 04:25:57 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/24 18:50:25 | 000,089,680 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2009/11/24 18:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/24 18:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/11/24 18:49:10 | 000,053,840 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2009/11/24 18:49:00 | 000,027,216 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/02/08 08:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV - [2010/05/31 10:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/421
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 AD 6C A3 91 85 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@SparkplayMedia.com/Sparkplayer (Beta): C:\Users\user\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

[2010/05/20 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010/04/24 11:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2010/04/24 11:16:30 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\BYOND\bin\npbyond.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Sparkplayer (Beta) (Enabled) = C:\Users\user\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/02/01 17:55:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll渀搀漀眀猀 File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\XviD\CheckUpdate.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voobys!.lnk = C:\Users\user\AppData\Roaming\Microsoft\Installer\{24EF2EDA-1224-4D3C-9C67-B45AF0C1D056}\_E81200C3A88A51B823FC48.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D3948F2-4C59-4A78-9B28-3E7278201FB8}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 15:06:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/02/01 17:55:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/01 01:04:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/01 00:41:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/01 00:41:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/01 00:41:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/01 00:41:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/01 00:41:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/01 00:39:13 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\user\Desktop\username123.exe
[2012/01/30 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2012/01/30 20:37:59 | 002,059,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/01/30 20:19:55 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/29 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/29 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/29 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/29 18:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/29 18:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/29 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/29 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/01/29 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/29 11:23:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/29 11:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/29 11:00:41 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\RPGVXAce
[2012/01/28 16:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/01/28 16:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/01/22 16:51:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/01/22 16:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/20 01:26:44 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder (5)
[2012/01/19 19:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO
[2012/01/19 19:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDS PRO
[2012/01/12 21:05:43 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Jeff Dunham
[2012/01/04 17:54:54 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\The Jeff Dunham Show - The Complete Season 1 [DVDRip & HDTV]
[2009/12/26 03:32:13 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 15:06:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/02/03 14:45:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001UA.job
[2012/02/03 14:40:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 12:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001Core.job
[2012/02/03 00:40:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 20:29:32 | 003,907,584 | ---- | M] () -- C:\Users\user\Desktop\End of the world.mp3
[2012/02/01 17:55:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/01 01:14:28 | 000,016,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 01:14:28 | 000,016,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 01:11:21 | 000,793,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/01 01:11:21 | 000,164,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/01 01:11:21 | 000,005,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/01 01:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 01:06:39 | 3217,772,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 00:39:19 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\user\Desktop\username123.exe
[2012/01/31 02:47:37 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/30 20:38:08 | 002,059,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/01/30 20:20:17 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/30 15:56:46 | 000,000,900 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/01/30 15:54:03 | 000,001,682 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/29 18:18:48 | 000,002,971 | ---- | M] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2012/01/29 18:00:24 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/29 11:24:00 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 16:26:52 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/01/25 23:48:46 | 000,002,395 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/01/25 14:40:34 | 030,277,660 | ---- | M] () -- C:\Users\user\Desktop\Skyrim My Little Pony Dragon Mod.avi
[2012/01/22 16:50:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/20 15:28:41 | 785,235,514 | ---- | M] () -- C:\Users\user\Desktop\Ed, Edd N' Eddy's Big Picture Show.avi
[2012/01/09 21:25:14 | 005,030,638 | ---- | M] () -- C:\Users\user\Desktop\Winter in New York.avi
[2012/01/04 23:49:00 | 000,013,440 | ---- | M] () -- C:\Users\user\Desktop\Memory Book.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 20:29:33 | 003,907,584 | ---- | C] () -- C:\Users\user\Desktop\End of the world.mp3
[2012/02/01 00:41:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/01 00:41:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/01 00:41:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/01 00:41:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/01 00:41:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/30 20:48:56 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/29 18:18:48 | 000,002,971 | ---- | C] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2012/01/29 18:00:24 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/29 11:24:00 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 16:26:52 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/01/25 14:38:47 | 030,277,660 | ---- | C] () -- C:\Users\user\Desktop\Skyrim My Little Pony Dragon Mod.avi
[2012/01/20 15:13:17 | 785,235,514 | ---- | C] () -- C:\Users\user\Desktop\Ed, Edd N' Eddy's Big Picture Show.avi
[2012/01/20 01:29:57 | 134,217,728 | ---- | C] () -- C:\Users\user\Desktop\Pokemon Heart Gold.nds
[2012/01/19 19:10:12 | 134,217,728 | ---- | C] () -- C:\Users\user\Desktop\Gold.nds
[2012/01/09 21:25:06 | 005,030,638 | ---- | C] () -- C:\Users\user\Desktop\Winter in New York.avi
[2012/01/04 23:48:58 | 000,013,440 | ---- | C] () -- C:\Users\user\Desktop\Memory Book.odt
[2011/12/24 15:03:11 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/12/14 17:16:45 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/11/09 17:40:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/01/13 05:38:05 | 000,000,066 | ---- | C] () -- C:\Windows\Easy MOV Converter.INI
[2011/01/07 00:20:55 | 000,000,593 | ---- | C] () -- C:\Users\user\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2010/10/20 16:30:48 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/19 03:25:25 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/06/19 03:07:28 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/18 21:00:36 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
[2010/05/11 17:04:32 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/04/29 15:16:28 | 000,215,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/29 15:16:26 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010/04/29 15:16:26 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/17 22:39:19 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010/01/29 12:04:16 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/01/14 18:17:53 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 12:50:20 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\D9E9DCBFD8.sys
[2010/01/05 12:50:18 | 000,000,900 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/12/30 01:20:17 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/12/27 19:38:07 | 000,095,151 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2009/12/25 16:03:27 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/12/25 16:03:27 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5B5DB5DF3E.sys
[2009/12/11 01:40:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\nbzlib.dll
[2009/12/11 01:40:16 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\NBAsm.dll
[2009/12/03 19:14:38 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/08/23 10:06:44 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/23 09:43:46 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2001/06/21 13:13:48 | 000,081,332 | ---- | C] () -- C:\Windows\SysWow64\bass.dll

========== LOP Check ==========

[2009/12/29 17:37:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\acccore
[2011/12/14 17:26:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2011/06/07 21:48:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2011/08/09 04:48:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AUNSoft
[2010/02/12 03:23:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitCometLite
[2012/01/30 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2011/02/25 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CherryTree
[2010/02/18 07:50:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2011/12/24 17:27:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeBurner
[2011/02/27 22:22:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2010/10/05 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gygan
[2010/11/24 19:30:59 | 000,000,000 | -H-D | M] -- C:\Users\user\AppData\Roaming\ijjigame
[2011/06/28 09:41:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leawo
[2011/06/30 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leawo Video2AVI v2
[2010/06/17 00:08:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2011/08/16 04:05:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macro Recorder
[2011/06/28 09:41:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Moyea
[2011/09/14 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MP42MOV
[2010/08/30 22:54:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble
[2010/02/17 06:02:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NeopleLauncherDFO
[2010/02/15 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NPLUTO Corporation
[2010/07/15 20:52:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011/12/04 09:24:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Pokemon Online
[2010/03/28 22:43:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SecondLife
[2010/12/04 10:13:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tibia
[2011/12/04 15:55:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Toon Boom Animation
[2010/06/19 03:25:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Turbine
[2011/02/18 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2010/02/12 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2010/07/15 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WeatherBug
[2011/12/14 17:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wondershare Video Converter Ultimate
[2011/11/28 17:24:11 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/01/29 11:00:04 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG????VX Ace ???) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPGツクールVX Ace 体験版
[2010/08/18 21:49:12 | 000,000,000 | ---D | M](C:\Users\user\Documents\?? ???) -- C:\Users\user\Documents\넥슨 플러그
[2010/08/18 21:49:12 | 000,000,000 | ---D | C](C:\Users\user\Documents\?? ???) -- C:\Users\user\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:661DFA1C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613

< End of report >

OTL Extras logfile created on: 2/3/2012 3:07:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 55.43% Memory free
7.99 Gb Paging File | 5.99 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 241.16 Gb Free Space | 51.79% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5A9B7F58-F8E7-4C72-BA4B-B70D24E84EEA}_is1" = Mp4 to Mov Converter 1.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver
"XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07771631-6FE6-4D78-A705-D146C0D328A1}_is1" = Aunsoft SWF Converter version 1.2.1.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24EF2EDA-1224-4D3C-9C67-B45AF0C1D056}" = Voobys
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.30 Patch 1
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{305A5A74-A839-403E-88D4-5E6E5F7EFE3E}" = Toon Boom Animate 2 PLE
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.81
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = Rusty Hearts PWE
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B04C8A6-8282-420B-A9CD-62E68E8A47C2}" = URL.BIZ ip blocker 1.0
"{4EC1177C-E3E8-4CEE-8E9F-E6D4E6F7B2E2}_is1" = WinDS PRO DSi 2.2.1
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714DAA5E-803F-44A2-8512-64F26E681030}_is1" = Gygan
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo AVI Converter version 4.0.0.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.3.120
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B5408C28-8D1F-4D65-AA49-02FBD56136FF}" = WolfQuest
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D33A04C3-61F3-45BE-B0B7-BF084A787B9C}_is1" = Eternal Grace Episode 1 Version 1.0 (64 bit)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.3.1
"Any Video Converter_is1" = Any Video Converter 3.2.5
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast!" = avast! Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.8.0.0
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clip Extractor Toolbar" = Clip Extractor Toolbar
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"CoView_is1" = CoView
"DealPly" = DealPly
"DragonNest" = DragonNest
"Drumaxx" = Drumaxx
"Easy MOV Converter_is1" = Easy MOV Converter 1.3.5
"ESF" = Earth's Special Forces
"FL Studio 9" = FL Studio 9
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"ips XP_is1" = ips XP 1.11.2600
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MinecraftCrack1.0" = MinecraftCrack
"Mumble" = Mumble and Murmur
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PFPortChecker" = PFPortChecker 1.0.36
"PoiZone" = PoiZone
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RPGVXAce_J_Trial_is1" = RPGツクールVX Ace 体験版
"Sakura" = Sakura
"Sawer" = Sawer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 421 MediaBar" = Windows Searchqu Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"StencylWorks" = StencylWorks
"SystemRequirementsLab" = System Requirements Lab
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.0.1
"War of Conquest" = War of Conquest
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.0.4)
"XviD Video Codec" = XviD Video Codec (remove only)
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"09e5f34d09ff8c7d" = OCTGN
"Akamai" = Akamai NetSession Interface
"cae94a2eefe1185d" = Macro Recorder
"Google Chrome" = Google Chrome
"Sparkplayer (Beta)" = Sparkplayer (Beta)
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/22/2012 4:45:30 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 1/22/2012 4:45:30 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 1/22/2012 4:45:32 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

[ Application Events ]
Error - 1/31/2012 1:32:32 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/31/2012 1:35:36 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\winds
pro\NO$GBA\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\winds
pro\NO$GBA\DelZip179.dll" on line 8. The value "*" of attribute "language" in element
"assemblyIdentity" is invalid.

Error - 1/31/2012 6:21:59 PM | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/31/2012 6:21:59 PM | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 2/1/2012 2:11:18 AM | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 2/1/2012 2:11:18 AM | Computer Name = user-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 2/1/2012 2:38:22 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/1/2012 2:40:07 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\winds
pro\NO$GBA\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\winds
pro\NO$GBA\DelZip179.dll" on line 8. The value "*" of attribute "language" in element
"assemblyIdentity" is invalid.

Error - 2/2/2012 1:32:01 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/2/2012 1:34:38 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\winds
pro\NO$GBA\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\winds
pro\NO$GBA\DelZip179.dll" on line 8. The value "*" of attribute "language" in element
"assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 5/15/2011 9:08:15 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 9:08:14 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 1/30/2012 9:35:16 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:33:27 PM on ?1/?30/?2012 was unexpected.

Error - 1/30/2012 9:35:33 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The MySQL service failed to start due to the following error: %%2

Error - 1/31/2012 6:17:29 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The MySQL service failed to start due to the following error: %%2

Error - 2/1/2012 12:57:27 AM | Computer Name = user-PC | Source = ssadbus | ID = 1048578
Description = I/O timeout detected.

Error - 2/1/2012 1:40:53 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

Error - 2/1/2012 1:53:21 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/1/2012 1:59:37 AM | Computer Name = user-PC | Source = Application Popup | ID = 1060
Description = \??\C:\username123\catchme.sys has been blocked from loading due to
incompatibility with this system. Please contact your software vendor for a compatible
version of the driver.

Error - 2/1/2012 2:05:03 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/1/2012 2:07:07 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The MySQL service failed to start due to the following error: %%2

Error - 2/3/2012 3:41:49 PM | Computer Name = user-PC | Source = ssadbus | ID = 1048578
Description = I/O timeout detected.

< End of report >
 
#13 ·
Okay, can you uninstall these via AddRemove Programs or Start | Programs:

Voobys
BitTorrentBar Toolbar
Conduit Engine
DealPly
SearchCore for Browsers
Windows Searchqu Toolbar
Java 1.6.020


Then, can you do the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    PRC - [2011/10/02 06:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
    PRC - [2011/08/21 03:16:38 | 000,053,248 | ---- | M] (Voobys!) -- C:\Program Files (x86)\Voobys\Voobys.exe
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/421
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    [2010/04/24 11:16:30 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll&#28160;&#25600;&#28416;&#30464;&#29440; File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll File not found
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voobys!.lnk = C:\Users\user\AppData\Roaming\Microsoft\Installer\{24EF2EDA-1224-4D3C-9C67-B45AF0C1D056}\_E81200C3A88A51B823FC48.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2010/05/18 21:00:36 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:661DFA1C
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613
    :Files
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

eddie
 
#14 ·
All processes killed
========== OTL ==========
No active process named datamngrUI.exe was found!
No active process named Voobys.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe not found.
File move failed. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voobys!.lnk scheduled to be moved on reboot.
File C:\Users\user\AppData\Roaming\Microsoft\Installer\{24EF2EDA-1224-4D3C-9C67-B45AF0C1D056}\_E81200C3A88A51B823FC48.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2574968984-2760118976-3780075422-1005\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll deleted successfully.
File C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll deleted successfully.
File C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\user\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock moved successfully.
ADS C:\ProgramData\TEMP:661DFA1C deleted successfully.
ADS C:\ProgramData\TEMP:BEB15613 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 60804963 bytes
->Java cache emptied: 12119679 bytes
->Flash cache emptied: 2845 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: user
->Temp folder emptied: 44493549 bytes
->Temporary Internet Files folder emptied: 101499766 bytes
->Java cache emptied: 26510085 bytes
->Google Chrome cache emptied: 26703322 bytes
->Flash cache emptied: 5440725 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75343 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 154935 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 265.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02062012_160735

Files\Folders moved on Reboot...
File\Folder C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voobys!.lnk not found!
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
#15 ·
Thanks :)

Can you run this tool next....

Download FixIEDef by ShadowPuterDude to the Desktop.

Note: Please disable any real time protection that may interfere with FixIEDef, such as Microsoft Defender, Spybot Search and Destroy's Tea Timer and SUPERAntiSpyware. Make sure you enable this protection once your computer is cleaned.

Instructions:

Disable Windows Defender until the computer is clean
  • Open Windows Defender
  • Select Tools and then General Settings
  • Under Real Time Protection Options uncheck Turn on real-time protection
  • Select Save
Don't forget to re-enable it, when your computer is clean.

Disable SUPERAntiSpyware until the computer is clean
  • Right-click on the shortcut from the system tray
  • Choose View Control Center (preferences/options)
  • On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
  • Click Close to exit.
Don't forget to re-enable it, when your computer is clean.

Disable Teatimer
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Run FixIEDef:

Double-click FixIEDef


Click 'Accept'


Click 'Scan'


Wait for the scan to finish. It won't take very long.


WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during scanning. The icons and Start Menu on your Desktop will not be visible while FixIEDef is scanning. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click 'Exit' once FixIEDef displays the All Finished message.


Post the Results of the scan:

Post the FixIEDef log file, located on the Desktop.
 
#16 ·
********************************************************************************
* *
* FixIEDef Log *
* Version 1.8.33.7611 *
* *
********************************************************************************

Created at 17:50:17 on Thursday, February 09, 2012

Time Zone : (UTC-05:00) Eastern Time (US & Canada)

Logged On User : user

Operating System : Microsoft Windows 7 Home Premium
OS Architecture : X64
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X64 Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
File System : NTFS

System Drive : C:\
Windows Directory : C:\Windows
System Directory : C:\Windows\SysWOW64

System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 476.84 GB
System Drive Free : 244.8 GB

Total Physical Memory: 4092 MB
Free Physical Memory : 2298 MB
Total Page File : 4092 MB
Free Page File : 6231 MB
Total Virtual Memory : 4096 MB
Free Virtual Memory : 3965 MB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Hosts file entries that have been deleted !!!

No malicious Hosts entries found

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!
 
#17 ·
Excellent, that parts clean :)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :folderfind
    *MyWebSearch
    *Ask.com
    *ConduitEngine
    *BitTorrentBar
    *Searchqu
    *DealPly
    *Somoto
    *Tarma
    *SearchCore
    *Voobys
    *XfireXO
    *Hotspot
    :filefind
    *MyWebSearch
    *Ask.com
    *ConduitEngine
    *BitTorrentBar
    *Searchqu
    *DealPly
    *Somoto
    *Tarma
    *SearchCore
    *Voobys
    *XfireXO
    *Hotspot
    :regfind
    *MyWebSearch
    *Ask.com
    *ConduitEngine
    *BitTorrentBar
    *Searchqu
    *DealPly
    *Somoto
    *Tarma
    *SearchCore
    *Voobys
    *XfireXO
    *Hotspot
    :file
    C:\Windows\SysWow64\drivers\PciBus.sys
    c:\netmarbleglobal\MiniFighter\GameGuard\dump_wmimmc.sys
    :dir
    c:\users\user\AppData\Local\Temp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt
 
#18 ·
SystemLook 30.07.11 by jpshortstuff
Log created at 15:31 on 12/02/2012 by user
Administrator - Elevation successful

========== folderfind ==========

Searching for "*MyWebSearch"
C:\Users\Guest\AppData\LocalLow\MyWebSearch d------ [20:11 13/11/2011]
C:\Users\user\AppData\LocalLow\MyWebSearch d-a---- [09:55 03/07/2010]

Searching for "*Ask.com"
No folders found.

Searching for "*ConduitEngine"
C:\Users\Guest\AppData\LocalLow\ConduitEngine d------ [20:11 13/11/2011]
C:\Users\user\AppData\LocalLow\ConduitEngine d------ [03:00 28/11/2010]

Searching for "*BitTorrentBar"
C:\Users\Guest\AppData\LocalLow\BitTorrentBar d------ [20:11 13/11/2011]
C:\Users\user\AppData\LocalLow\BitTorrentBar d------ [03:00 28/11/2010]

Searching for "*Searchqu"
No folders found.

Searching for "*DealPly"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly d------ [09:46 09/08/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DealPly d------ [09:46 09/08/2011]

Searching for "*Somoto"
No folders found.

Searching for "*Tarma"
No folders found.

Searching for "*SearchCore"
No folders found.

Searching for "*Voobys"
No folders found.

Searching for "*XfireXO"
C:\Users\Guest\AppData\LocalLow\XfireXO d------ [10:37 29/04/2010]

Searching for "*Hotspot"
No folders found.

========== filefind ==========

Searching for "*MyWebSearch"
No files found.

Searching for "*Ask.com"
No files found.

Searching for "*ConduitEngine"
No files found.

Searching for "*BitTorrentBar"
No files found.

Searching for "*Searchqu"
No files found.

Searching for "*DealPly"
No files found.

Searching for "*Somoto"
No files found.

Searching for "*Tarma"
No files found.

Searching for "*SearchCore"
No files found.

Searching for "*Voobys"
No files found.

Searching for "*XfireXO"
No files found.

Searching for "*Hotspot"
No files found.

========== regfind ==========

Searching for "*MyWebSearch"
No data found.

Searching for "*Ask.com"
No data found.

Searching for "*ConduitEngine"
No data found.

Searching for "*BitTorrentBar"
No data found.

Searching for "*Searchqu"
No data found.

Searching for "*DealPly"
No data found.

Searching for "*Somoto"
No data found.

Searching for "*Tarma"
No data found.

Searching for "*SearchCore"
No data found.

Searching for "*Voobys"
No data found.

Searching for "*XfireXO"
No data found.

Searching for "*Hotspot"
No data found.

========== file ==========

C:\Windows\SysWow64\drivers\PciBus.sys - File found and opened.
MD5: D6829ACFA6315DB9A963D3EDE2BCBCFF
Created at 00:14 on 04/12/2009
Modified at 03:05 on 20/11/2001
Size: 3972 bytes
Attributes: --a----
No version information available.

c:\netmarbleglobal\MiniFighter\GameGuard\dump_wmimmc.sys - Unable to find/read file.

========== dir ==========

c:\users\user\AppData\Local\Temp - Parameters: "(none)"

---Files---
AdobeARM.log --a---- 16755 bytes [21:19 06/02/2012] [01:21 12/02/2012]
ArmUI.ini --a---- 142194 bytes [21:19 06/02/2012] [01:20 12/02/2012]
AUCHECK_CORE.txt --a---- 302 bytes [07:50 08/02/2012] [07:50 08/02/2012]
AUCHECK_PARSER.txt --a---- 74 bytes [07:50 08/02/2012] [07:50 08/02/2012]
bitrock_installer.log --a---- 165 bytes [21:19 06/02/2012] [21:19 06/02/2012]
bitrock_installer_1160.log --a---- 165 bytes [23:24 07/02/2012] [23:24 07/02/2012]
bitrock_installer_2260.log --a---- 165 bytes [09:45 10/02/2012] [09:45 10/02/2012]
bitrock_installer_2376.log --a---- 165 bytes [22:36 06/02/2012] [22:36 06/02/2012]
bitrock_installer_2588.log --a---- 165 bytes [01:21 12/02/2012] [01:21 12/02/2012]
bitrock_installer_3096.log --a---- 165 bytes [03:53 10/02/2012] [03:53 10/02/2012]
bitrock_installer_3180.log --a---- 165 bytes [00:42 12/02/2012] [00:42 12/02/2012]
bitrock_installer_3800.log --a---- 165 bytes [02:36 10/02/2012] [02:36 10/02/2012]
bitrock_installer_3924.log --a---- 165 bytes [00:04 07/02/2012] [00:04 07/02/2012]
bitrock_installer_4252.log --a---- 165 bytes [02:26 10/02/2012] [02:27 10/02/2012]
bitrock_installer_4372.log --a---- 165 bytes [21:11 07/02/2012] [21:11 07/02/2012]
bitrock_installer_5028.log --a---- 165 bytes [13:26 09/02/2012] [13:26 09/02/2012]
CFGF997.tmp --a---- 123 bytes [01:09 09/02/2012] [01:09 09/02/2012]
chrome_installer.log --a---- 448 bytes [07:45 09/02/2012] [12:30 09/02/2012]
etilqs_24cM3jGjjYCp8a1 --ah--- 4 bytes [22:14 06/02/2012] [22:14 06/02/2012]
etilqs_2f1MItsmZU6DK54 --ah--- 28704 bytes [22:21 06/02/2012] [22:21 06/02/2012]
etilqs_2OjUiDtbJQB3Iy1 --ah--- 12304 bytes [09:35 10/02/2012] [09:35 10/02/2012]
etilqs_4hmqLgbCxvuch3o --ah--- 12304 bytes [22:37 06/02/2012] [22:37 06/02/2012]
etilqs_5fOhSiDPnTb2ONc --ah--- 16400 bytes [21:20 06/02/2012] [21:20 06/02/2012]
etilqs_6GOjlfSt0xWjDGf --ah--- 0 bytes [20:39 12/02/2012] [20:39 12/02/2012]
etilqs_6HR8aaYIrxGe0h7 --ah--- 2056 bytes [09:28 10/02/2012] [09:28 10/02/2012]
etilqs_7rDNqRi7na8o1Ez --ah--- 0 bytes [19:14 07/02/2012] [19:14 07/02/2012]
etilqs_952hXLvpr6xjBaz --ah--- 6160 bytes [01:03 10/02/2012] [01:03 10/02/2012]
etilqs_9BrLznBEyybyDWR --ah--- 0 bytes [09:28 10/02/2012] [09:28 10/02/2012]
etilqs_9FvXPelg4OI6QVT --ah--- 4 bytes [21:51 07/02/2012] [21:51 07/02/2012]
etilqs_aD1A2RTKY9PeK8t --ah--- 0 bytes [09:28 10/02/2012] [09:28 10/02/2012]
etilqs_AdKmzt7bqbZyvqu --ah--- 12304 bytes [23:28 09/02/2012] [23:28 09/02/2012]
etilqs_AFAOUYhuVZh15be --ah--- 0 bytes [00:58 12/02/2012] [00:58 12/02/2012]
etilqs_agaLyzF09iciggg --ah--- 28704 bytes [22:37 06/02/2012] [22:37 06/02/2012]
etilqs_B3npWtSg5OGu3CZ --ah--- 12304 bytes [18:48 07/02/2012] [18:48 07/02/2012]
etilqs_BISuiRaEfEy8q8j --ah--- 4 bytes [22:30 06/02/2012] [22:30 06/02/2012]
etilqs_C30bCGBOmOo5SZK --ah--- 4 bytes [22:21 06/02/2012] [22:21 06/02/2012]
etilqs_Dk4whc3M1Osc6wK --ah--- 28704 bytes [21:51 07/02/2012] [21:51 07/02/2012]
etilqs_dKflA6fS5qUc7rg --ah--- 0 bytes [01:03 10/02/2012] [01:03 10/02/2012]
etilqs_DyU1xpgKtNYSUBr --ah--- 4 bytes [19:39 07/02/2012] [19:39 07/02/2012]
etilqs_FcU5di0Qod3oEhz --ah--- 0 bytes [20:40 12/02/2012] [20:40 12/02/2012]
etilqs_FgNG3IOyqBFdzmj --ah--- 4 bytes [23:28 09/02/2012] [23:28 09/02/2012]
etilqs_FJHiFoCKrvfOr9m --ah--- 12304 bytes [09:35 10/02/2012] [09:35 10/02/2012]
etilqs_G8tD6SIx5PeetjD --ah--- 1024 bytes [09:28 10/02/2012] [09:28 10/02/2012]
etilqs_HjTXhD4BVF9A6bF --ah--- 1024 bytes [01:03 10/02/2012] [01:03 10/02/2012]
etilqs_hPLb9za0LGTMopr --ah--- 0 bytes [20:40 12/02/2012] [20:40 12/02/2012]
etilqs_IOhADLNPzAPZoOn --ah--- 1024 bytes [20:40 12/02/2012] [20:40 12/02/2012]
etilqs_jvJxFlxAA9NNy4c --ah--- 16400 bytes [21:12 07/02/2012] [21:12 07/02/2012]
etilqs_lVQjqTbPk2Fc9rZ --ah--- 12304 bytes [00:52 10/02/2012] [00:52 10/02/2012]
etilqs_MzTqF1YHh1q1t1P --ah--- 1024 bytes [00:59 12/02/2012] [00:59 12/02/2012]
etilqs_o4qtAM0IChycKKb --ah--- 0 bytes [00:59 12/02/2012] [00:59 12/02/2012]
etilqs_s7wo7TktXwBISpx --ah--- 4 bytes [22:37 06/02/2012] [22:37 06/02/2012]
etilqs_SSkd6Myw0YS9Bmv --ah--- 127104 bytes [21:20 06/02/2012] [21:20 06/02/2012]
etilqs_T77KbTAXx5iM57O --ah--- 12304 bytes [00:58 12/02/2012] [00:58 12/02/2012]
etilqs_t7rBWLxVfFnoLd4 --ah--- 16400 bytes [21:12 07/02/2012] [21:12 07/02/2012]
etilqs_uDmoQmQzfkcsvHT --ah--- 12304 bytes [19:05 07/02/2012] [19:05 07/02/2012]
etilqs_vC1KyjHvApyz9fe --ah--- 0 bytes [20:40 12/02/2012] [20:40 12/02/2012]
etilqs_w8TbcvsPb94wTEw --ah--- 28704 bytes [19:39 07/02/2012] [19:39 07/02/2012]
etilqs_w9dfQlHZAgbdtTi --ah--- 2056 bytes [01:03 10/02/2012] [01:03 10/02/2012]
etilqs_wWWayNp5FMHtceu --ah--- 0 bytes [01:17 12/02/2012] [01:17 12/02/2012]
etilqs_y9rSnflB1FOilKV --ah--- 2056 bytes [00:58 12/02/2012] [00:58 12/02/2012]
etilqs_ytcuIrb5TGIE2JI --ah--- 12304 bytes [23:28 09/02/2012] [23:28 09/02/2012]
etilqs_yUN6c4FlgUwQ19G --ah--- 12304 bytes [00:59 12/02/2012] [00:59 12/02/2012]
fla4281.tmp --a---- 18978112 bytes [19:59 07/02/2012] [19:59 07/02/2012]
fla956B.tmp --a---- 481518 bytes [22:39 06/02/2012] [22:39 06/02/2012]
FXSAPIDebugLogFile.txt --a---- 0 bytes [21:18 06/02/2012] [21:18 06/02/2012]
jar_cache1456374832556020990.tmp --a---- 31644 bytes [06:41 10/02/2012] [06:42 10/02/2012]
jar_cache4684333042624171892.tmp --a---- 130675 bytes [06:41 10/02/2012] [06:42 10/02/2012]
jar_cache5355115282688867294.tmp --a---- 32267 bytes [04:19 10/02/2012] [04:23 10/02/2012]
jar_cache8007349891174337988.tmp --a---- 152813 bytes [04:19 10/02/2012] [04:23 10/02/2012]
jusched.log --a---- 5162 bytes [21:24 06/02/2012] [01:25 12/02/2012]
PDApp.log --a---- 25246 bytes [07:00 07/02/2012] [18:01 12/02/2012]
StructuredQuery.log --a---- 991 bytes [00:16 09/02/2012] [00:16 09/02/2012]
wmplog00.sqm --a---- 1486 bytes [20:12 12/02/2012] [20:12 12/02/2012]

---Folders---
be29e7f1-71ae-4703-50cb-1d52be512f51 d------ [21:19 06/02/2012]
CR_3C38F.tmp d------ [07:45 09/02/2012]
hsperfdata_user d------ [07:50 08/02/2012]
Low d------ [21:18 06/02/2012]
scoped_dir11910 d------ [00:04 07/02/2012]
scoped_dir12015 d------ [00:05 07/02/2012]
scoped_dir12450 d------ [21:19 06/02/2012]
scoped_dir12617 d------ [21:20 06/02/2012]
scoped_dir12619 d------ [13:27 09/02/2012]
scoped_dir12674 d------ [13:27 09/02/2012]
scoped_dir14883 d------ [23:25 07/02/2012]
scoped_dir1575 d------ [02:27 10/02/2012]
scoped_dir1582 d------ [02:27 10/02/2012]
scoped_dir1726 d------ [02:27 10/02/2012]
scoped_dir17898 d------ [09:45 10/02/2012]
scoped_dir18557 d------ [21:19 06/02/2012]
scoped_dir18569 d------ [03:53 10/02/2012]
scoped_dir18576 d------ [03:53 10/02/2012]
scoped_dir18658 d------ [03:54 10/02/2012]
scoped_dir19248 d------ [01:21 12/02/2012]
scoped_dir21241 d------ [00:43 12/02/2012]
scoped_dir21245 d------ [00:43 12/02/2012]
scoped_dir21372 d------ [00:44 12/02/2012]
scoped_dir21950 d------ [09:45 10/02/2012]
scoped_dir22127 d------ [09:46 10/02/2012]
scoped_dir24228 d------ [23:25 07/02/2012]
scoped_dir24333 d------ [23:25 07/02/2012]
scoped_dir24564 d------ [00:04 07/02/2012]
scoped_dir27596 d------ [22:37 06/02/2012]
scoped_dir27756 d------ [22:38 06/02/2012]
scoped_dir28631 d------ [01:21 12/02/2012]
scoped_dir28886 d------ [01:22 12/02/2012]
scoped_dir29538 d------ [22:37 06/02/2012]
scoped_dir30921 d------ [21:12 07/02/2012]
scoped_dir30924 d------ [21:12 07/02/2012]
scoped_dir31041 d------ [21:12 07/02/2012]
scoped_dir3567 d------ [02:37 10/02/2012]
scoped_dir3613 d------ [02:37 10/02/2012]
scoped_dir6823 d------ [02:37 10/02/2012]
scoped_dir9224 d------ [13:27 09/02/2012]
WPDNSE d------ [01:20 12/02/2012]

-= EOF =-
 
#19 ·
Sorry for the lateness, the past few days have been very hectic here.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\user\AppData\Local\Temp\001583B.tmp
c:\users\user\AppData\Local\Temp\0027F1.tmp
c:\users\user\AppData\Local\Temp\005A9CF.tmp
Folder::
C:\Users\Guest\AppData\LocalLow\MyWebSearch
C:\Users\user\AppData\LocalLow\MyWebSearch
C:\Users\Guest\AppData\LocalLow\ConduitEngine
C:\Users\user\AppData\LocalLow\ConduitEngine
C:\Users\Guest\AppData\LocalLow\BitTorrentBar
C:\Users\user\AppData\LocalLow\BitTorrentBar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DealPly
C:\Users\Guest\AppData\LocalLow\XfireXO
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-----------

Do you know what these are?

C:\Windows\SysWow64\D9E9DCBFD8.sys
C:\os604495.bin
C:\ProgramData\5B5DB5DF3E.sys


If you don't, can you run the following SystemLookUp code, and then the scan that follows:

Code:
:file
C:\os604495.bin
C:\Windows\SysWow64\D9E9DCBFD8.sys
C:\ProgramData\5B5DB5DF3E.sys
:reg
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows /sub
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • C:\os604495.bin
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

And do the same for these:

C:\Windows\SysWow64\D9E9DCBFD8.sys
C:\ProgramData\5B5DB5DF3E.sys
 
#20 ·
ComboFix 12-02-17.02 - user 02/17/2012 13:58:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4092.2496 [GMT -5:00]
Running from: c:\users\user\Downloads\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\user\AppData\Local\Temp\001583B.tmp"
"c:\users\user\AppData\Local\Temp\0027F1.tmp"
"c:\users\user\AppData\Local\Temp\005A9CF.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\DealPly
c:\programdata\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk
c:\users\All Users\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk
c:\users\All Users\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk
c:\users\All Users\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk
c:\users\Guest\AppData\LocalLow\BitTorrentBar
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634220815653506250_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634220879921318750_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634220880607100000_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225278165850000_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225279692725000_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225279948156250_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225280304131250_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225280526593750_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225280643975000_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225281436162500_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225281783662500_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225284383662500_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225284881631250_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225287181631250_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225287547412500_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634226702545975000_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634226713903631250_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634244833256762500_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___Storage_conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_go_btn_new_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif
c:\users\Guest\AppData\LocalLow\BitTorrentBar\EmailNotifier\AccountTypes.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\EmailNotifier\aol.com.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\EmailNotifier\yahoo.com.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\AppsMetaData\data.bck.txt
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\AppsMetaData\data.txt
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarLogin\data.bck.txt
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarLogin\data.txt
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarSettings\data.bck.txt
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarSettings\data.txt
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_en\ToolbarTranslation\data.txt
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___rss_news_yahoo_com_rss_world.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___rss_news_yahoo_com_rss_world_structured.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\SearchInNewTab\SearchInNewTabContent.xml
c:\users\Guest\AppData\LocalLow\BitTorrentBar\ThirdPartyComponents.xml
c:\users\Guest\AppData\LocalLow\ConduitEngine
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\users\Guest\AppData\LocalLow\ConduitEngine\EngineSettings.json
c:\users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml
c:\users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-us.xml
c:\users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml
c:\users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-us.xml
c:\users\Guest\AppData\LocalLow\MyWebSearch
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F924EEB
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F925467.bin
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F925503.bmp
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F9255DE.bin
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F9256C8.bin
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F9257C1.bin
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F925986.bin
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\0F925C73.exe
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\History\search3
c:\users\Guest\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm
c:\users\Guest\AppData\LocalLow\XfireXO
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___a3_twimg_com_profile_images_482025389_xfire_community_icon_2_normal_png.png
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_CT2304157_Images_633794962138031250_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_CT2304157_Images_633794965749437500_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_CT2304157_Images_633838253696237500_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_CT2304157_Images_633892646739743750_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_ct2304157_images_634006746487566250_png.png
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_ct2304157_images_634006747399441250_png.png
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_ct2304157_images_634006747881160000_png.png
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_ct2304157_images_634006748298503750_png.png
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_ct2304157_images_634006748700847500_png.png
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_CT2304157_Images_Rss_xml-0-rssIcons-634006743763750000_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_57_230_CT2304157_Images_Twitter_xml-3-Twitter-633990355896717500_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
c:\users\Guest\AppData\LocalLow\XfireXO\LanguagePack\en\LanguagePack.xml
c:\users\Guest\AppData\LocalLow\XfireXO\Repository\conduit_CT2304157_CT2304157\ToolbarLogin\data.txt
c:\users\Guest\AppData\LocalLow\XfireXO\Repository\conduit_CT2304157_CT2304157\ToolbarSettings\data.txt
c:\users\Guest\AppData\LocalLow\XfireXO\Rss\http___twitter_com_statuses_user_timeline_21817319_rss.xml
c:\users\Guest\AppData\LocalLow\XfireXO\Rss\http___twitter_com_statuses_user_timeline_21817319_rss_structured.xml
c:\users\Guest\AppData\LocalLow\XfireXO\Rss\http___www_xfire_com_blog_theblog_rss_.xml
c:\users\Guest\AppData\LocalLow\XfireXO\Rss\http___www_xfire_com_blog_theblog_rss__structured.xml
c:\users\Guest\AppData\LocalLow\XfireXO\ThirdPartyComponents.xml
c:\users\Guest\AppData\LocalLow\XfireXO\Twitter\21817319.xml
c:\users\user\AppData\Local\TempDIR
c:\users\user\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\user\AppData\LocalLow\BitTorrentBar
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634220815653506250_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634220879921318750_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634220880607100000_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225278165850000_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225279692725000_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225279948156250_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225280304131250_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225280526593750_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225280643975000_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225281436162500_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225281783662500_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225284383662500_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225284881631250_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225287181631250_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634225287547412500_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634226696708787500_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634226702545975000_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634226713903631250_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_92_279_CT2790392_Images_634244833256762500_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_go_btn_new_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_videosurf_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_cloudy_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_rain_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif
c:\users\user\AppData\LocalLow\BitTorrentBar\EmailNotifier\AccountTypes.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\EmailNotifier\aol.com.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\EmailNotifier\comcast.net.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\EmailNotifier\google.com.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\EmailNotifier\hotmail.com.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\EmailNotifier\yahoo.com.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png
c:\users\user\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
c:\users\user\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\AppsMetaData\data.bck.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\AppsMetaData\data.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarLogin\data.bck.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarLogin\data.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarSettings\data.bck.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_CT2790392\ToolbarSettings\data.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_en\ToolbarTranslation\data.bck.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Repository\conduit_CT2790392_en\ToolbarTranslation\data.txt
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_news_yahoo_com_rss_world.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_news_yahoo_com_rss_world_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___rss_news_yahoo_com_rss_world_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_history.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\SearchInNewTab\SearchInNewTabContent.xml
c:\users\user\AppData\LocalLow\BitTorrentBar\ThirdPartyComponents.xml
c:\users\user\AppData\LocalLow\ConduitEngine
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\users\user\AppData\LocalLow\ConduitEngine\EngineSettings.json
c:\users\user\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml
c:\users\user\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-us.xml
c:\users\user\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml
c:\users\user\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-us.xml
c:\users\user\AppData\LocalLow\MyWebSearch
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 19:10 . 2012-02-17 19:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-17 19:10 . 2012-02-17 19:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-17 19:10 . 2012-02-17 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 08:53 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26D3AAAD-A8F5-47BF-A10B-10F0E097FE89}\mpengine.dll
2012-02-14 21:50 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 21:50 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 21:50 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 21:50 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 21:50 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:50 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 21:50 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:50 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 02:27 . 2012-02-10 02:27 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-02-09 12:28 . 2012-02-09 12:28 -------- d-----w- C:\ERDNT
2012-02-09 12:28 . 2012-02-09 12:28 -------- d-----w- c:\windows\ERUNT
2012-02-09 12:28 . 2012-02-09 12:28 -------- d-----w- C:\!FixIEDef
2012-02-06 21:07 . 2012-02-06 21:07 -------- d-----w- C:\_OTL
2012-02-04 15:19 . 2012-02-04 15:19 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-02-04 15:19 . 2012-02-04 15:19 -------- d-----w- c:\program files (x86)\Application Updater
2012-02-04 15:19 . 2012-02-04 15:19 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-02-04 15:19 . 2012-02-04 15:19 -------- d-----w- c:\programdata\YouTube Downloader
2012-02-04 15:19 . 2012-02-04 15:19 -------- d-----w- c:\program files (x86)\YouTube Downloader
2012-01-29 23:18 . 2012-01-29 23:18 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-29 23:18 . 2012-01-29 23:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-29 23:00 . 2012-01-29 23:00 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2012-01-29 23:00 . 2012-01-29 23:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-29 23:00 . 2012-01-29 23:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-29 16:24 . 2012-01-29 16:24 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-01-29 16:23 . 2012-01-29 16:23 -------- d-----w- c:\programdata\Malwarebytes
2012-01-29 16:23 . 2012-01-29 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-29 16:23 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-28 21:26 . 2012-02-17 22:17 -------- d-----w- c:\program files (x86)\Steam
2012-01-22 21:51 . 2012-01-22 21:51 -------- d--h--w- c:\programdata\Common Files
2012-01-22 21:51 . 2012-01-22 21:51 -------- d-----w- c:\programdata\MFAData
2012-01-20 00:19 . 2012-01-20 00:19 -------- d-----w- c:\program files (x86)\WinDS PRO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-04 20:41 . 2009-12-25 21:03 1682 --sha-w- c:\programdata\KGyGaAvL.sys
2012-01-27 05:52 . 2009-12-25 18:37 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-01_22.55.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-14 06:45 . 2011-11-05 04:34 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-14 21:49 . 2011-12-16 07:59 67072 c:\windows\SysWOW64\mshtmled.dll
- 2011-12-14 06:45 . 2011-11-05 04:32 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-02-14 21:49 . 2011-12-16 07:56 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-12-14 06:45 . 2011-11-05 04:34 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-02-14 21:49 . 2011-12-16 07:59 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-12-14 06:45 . 2011-11-05 04:35 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-02-14 21:49 . 2011-12-16 08:02 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-02-14 21:49 . 2011-12-16 07:58 44544 c:\windows\SysWOW64\licmgr10.dll
- 2011-12-14 06:45 . 2011-11-05 04:34 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2012-02-14 21:49 . 2011-12-16 07:58 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-12-14 06:45 . 2011-11-05 04:34 48128 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2012-02-01 22:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-17 19:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-01 22:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 19:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 19:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-07 17:53 . 2012-02-12 00:44 54182 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-15 02:26 48134 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-04 00:22 . 2012-02-15 02:26 18682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2574968984-2760118976-3780075422-1001_UserData.bin
+ 2012-02-14 21:49 . 2011-12-16 08:42 97280 c:\windows\system32\mshtmled.dll
- 2011-12-14 06:45 . 2011-11-05 05:23 97280 c:\windows\system32\mshtmled.dll
- 2011-12-14 06:45 . 2011-11-05 05:19 12288 c:\windows\system32\msfeedssync.exe
+ 2012-02-14 21:49 . 2011-12-16 08:38 12288 c:\windows\system32\msfeedssync.exe
+ 2012-02-14 21:49 . 2011-12-16 08:42 82944 c:\windows\system32\msfeedsbs.dll
- 2011-12-14 06:45 . 2011-11-05 05:23 82944 c:\windows\system32\msfeedsbs.dll
+ 2012-02-14 21:49 . 2011-12-16 08:45 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-12-14 06:45 . 2011-11-05 05:26 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-12-14 06:45 . 2011-11-05 05:23 57856 c:\windows\system32\licmgr10.dll
+ 2012-02-14 21:49 . 2011-12-16 08:41 57856 c:\windows\system32\licmgr10.dll
- 2011-12-14 06:45 . 2011-11-05 05:22 64512 c:\windows\system32\jsproxy.dll
+ 2012-02-14 21:49 . 2011-12-16 08:41 64512 c:\windows\system32\jsproxy.dll
+ 2010-03-29 15:10 . 2009-03-18 21:35 33856 c:\windows\system32\hamachi.sys
- 2010-03-29 15:10 . 2010-02-03 19:56 33856 c:\windows\system32\hamachi.sys
+ 2009-12-25 18:23 . 2012-02-17 19:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 18:23 . 2012-01-31 22:17 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 18:23 . 2012-01-31 22:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-25 18:23 . 2012-02-17 19:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-17 19:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-31 22:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-04 00:10 . 2012-02-17 19:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-04 00:10 . 2012-02-01 06:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-02-01 06:14 89008 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-02-15 02:32 89008 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-12-04 00:10 . 2012-02-01 06:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-04 00:10 . 2012-02-17 19:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-04 00:10 . 2012-02-17 19:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-04 00:10 . 2012-02-01 06:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-04 00:21 . 2012-02-01 22:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 00:21 . 2012-02-17 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-04 00:21 . 2012-02-01 22:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-04 00:21 . 2012-02-17 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-14 22:08 . 2012-02-14 22:08 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-01-10 22:04 . 2012-01-10 22:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-10 22:04 . 2012-01-10 22:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-10 22:04 . 2012-01-10 22:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-10 22:04 . 2012-01-10 22:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-10 22:03 . 2012-01-10 22:03 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-04 15:19 . 2012-02-04 15:19 53248 c:\windows\Installer\{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}\ARPPRODUCTICON.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-07 07:04 . 2012-02-14 22:05 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-07 07:04 . 2011-10-12 10:16 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-15 01:26 . 2012-02-15 01:26 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\42d44cc48edbf4d5b19af6d6afc6cd62\System.Windows.Presentation.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\5c5a54c265c044f359659e6eeff29171\System.Web.ApplicationServices.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\e9f294ccd724852eaef199ff147c00f3\System.Windows.Presentation.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\a618f2bf552e97953bb5a58217cce18f\System.Web.DynamicData.Design.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\c58f009127ea2a9d60be2f8902e9cf75\PresentationFontCache.ni.exe
+ 2012-02-14 22:32 . 2012-02-14 22:32 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\6b5b7285e73ded10e6b378aa3c953aa4\PresentationCFFRasterizer.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\6b55b29d347c0022cc0044f93754e9fd\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\ae04a98ddbb0473e21bd3e60ab157a6f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\aaa25d1f0af3347f48691c17f8569057\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\47091dabbdb72b5f3b313b8022e3a0c6\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\425ba6d1a0b4c23cbc0fbeb56bf44376\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1d1065b38d27215e74d22b23acbc0e73\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\781ea72a6c2c2373fbee45f4d0c6b1d2\LoadMxf.ni.exe
+ 2012-02-14 22:47 . 2012-02-14 22:47 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\f5abc5c8d77436ad8b7eecf6d6e80c12\ehiTVMSMusic.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1cd4052146cc9bb01abadc777c7f44b2\System.Windows.Presentation.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\cc9cbb64a4d1dce2bd2074ea9d352d6e\System.Web.DynamicData.Design.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\60d88a8af5cdd8999b44bb7a05a411ee\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b9becc8d608b41214c1e302bf83b70ce\PresentationFontCache.ni.exe
+ 2012-02-14 22:44 . 2012-02-14 22:44 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b669ed26c27a26dbe32110e21034faa7\PresentationCFFRasterizer.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\754eef9c651d1a06b45bc6d77e3e97d8\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\e09e4e73414cd51143ae71a81b58a00e\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\dc17472b33ff221824e6eb83a6c1808f\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c88fea1db58bb41c35c10d72773717fb\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c46d36fb6cd9f690f4dae90183c414f8\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\514cd9895cb848643af450b42406bcc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\7966d0ae949f0d97d94970256b9bf455\Microsoft.Vsa.ni.dll
- 2012-02-01 06:06 . 2012-02-01 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-17 19:12 . 2012-02-17 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-01 06:06 . 2012-02-01 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-17 19:12 . 2012-02-17 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-14 06:45 . 2011-11-05 04:35 981504 c:\windows\SysWOW64\wininet.dll
+ 2012-02-14 21:49 . 2011-12-16 08:02 981504 c:\windows\SysWOW64\wininet.dll
- 2011-12-14 06:45 . 2011-11-05 04:35 132096 c:\windows\SysWOW64\url.dll
+ 2012-02-14 21:49 . 2011-12-16 08:02 132096 c:\windows\SysWOW64\url.dll
+ 2012-02-14 21:49 . 2011-12-16 07:59 606208 c:\windows\SysWOW64\mstime.dll
- 2011-12-14 06:45 . 2011-11-05 04:34 606208 c:\windows\SysWOW64\mstime.dll
- 2011-12-14 06:45 . 2011-11-05 04:34 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2012-02-14 21:49 . 2011-12-16 07:59 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2012-02-14 21:49 . 2011-12-16 07:58 176640 c:\windows\SysWOW64\ieui.dll
- 2011-12-14 06:45 . 2011-11-11 05:50 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-02-14 21:49 . 2011-12-16 07:58 185856 c:\windows\SysWOW64\iepeers.dll
- 2011-12-14 06:45 . 2011-11-05 04:34 185856 c:\windows\SysWOW64\iepeers.dll
- 2011-12-14 06:45 . 2011-11-05 04:33 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-02-14 21:49 . 2011-12-16 07:58 381440 c:\windows\SysWOW64\iedkcs32.dll
- 2011-12-14 06:45 . 2011-11-05 05:26 134144 c:\windows\system32\url.dll
+ 2012-02-14 21:49 . 2011-12-16 08:45 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-02-15 02:30 236144 c:\windows\system32\perfc009.dat
- 2011-12-14 06:45 . 2011-11-05 05:23 703488 c:\windows\system32\msfeeds.dll
+ 2012-02-14 21:49 . 2011-12-16 08:42 703488 c:\windows\system32\msfeeds.dll
- 2011-12-14 06:45 . 2011-11-11 06:41 247808 c:\windows\system32\ieui.dll
+ 2012-02-14 21:49 . 2011-12-16 08:40 247808 c:\windows\system32\ieui.dll
- 2011-12-14 06:45 . 2011-11-05 05:22 256000 c:\windows\system32\iepeers.dll
+ 2012-02-14 21:49 . 2011-12-16 08:40 256000 c:\windows\system32\iepeers.dll
+ 2012-02-14 21:49 . 2011-12-16 08:40 445952 c:\windows\system32\iedkcs32.dll
- 2011-12-14 06:45 . 2011-11-05 05:22 445952 c:\windows\system32\iedkcs32.dll
+ 2009-07-14 05:12 . 2012-02-14 22:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-12-03 23:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-12-04 00:10 . 2012-01-29 17:06 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-04 00:10 . 2012-02-14 22:31 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-01 06:05 638892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-17 19:10 638892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-29 10:07 . 2012-02-17 19:10 959328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2574968984-2760118976-3780075422-1001-8192.dat
- 2010-10-29 10:07 . 2012-02-01 06:05 959328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2574968984-2760118976-3780075422-1001-8192.dat
+ 2012-02-14 22:08 . 2012-02-14 22:08 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-10 22:04 . 2012-01-10 22:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-12-04 00:17 . 2012-02-14 22:04 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-15 22:24 . 2005-10-20 21:00 157696 c:\windows\ERUNT\ERUNT.EXE
+ 2012-02-15 01:26 . 2012-02-15 01:26 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6bdb6c455153a223a2180c883ea5a06c\WindowsFormsIntegration.ni.dll
+ 2012-02-15 01:26 . 2012-02-15 01:26 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\8df6331b51fe3ae5b9d0cf8c582d3f84\UIAutomationClient.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\6bc2cf9d31ae7e22349af3ddb1306c96\System.Xml.Linq.ni.dll
+ 2012-02-14 22:59 . 2012-02-14 22:59 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\f9e5fcb862d898327924fcac2ff47c4d\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\5f61f0305f22aed705e0680f58fc5d89\System.Transactions.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\6afb4b90a21aae2e499f577b92102b85\System.ServiceProcess.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\bfb5e1c0961fe330c89c043a188cc807\System.ServiceModel.Routing.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\671c48760746239f2dfb0b64a7413624\System.ServiceModel.Channels.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\d8342f4b914e190a9e5c89c7703dd11f\System.Security.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\9426384a1d2d2e815e093a0fe88da585\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\73d3849c909668636452b43f54edb54e\System.Runtime.Remoting.ni.dll
+ 2012-02-15 01:24 . 2012-02-15 01:24 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\21fa922f90a47d10fd11107efff5ea4f\System.Net.ni.dll
+ 2012-02-15 01:24 . 2012-02-15 01:24 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\c07fc2256ec2210bfd7f7abf1639833e\System.Messaging.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\655c314109b3ab211e13b88d0769651b\System.Management.Instrumentation.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\cf1c0c4152c5548179dd3e2870f25cc4\System.IO.Log.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\d8dc2ea040e12c679b5d779370a19e58\System.IdentityModel.Selectors.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\994e60f26b11755207e9c7ebb9fd688b\System.Dynamic.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\bc62e3c6c42db6e63c18038e9bac5a5c\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\5373b5adf6f12ca3ac8806827259a986\System.Device.ni.dll
+ 2012-02-15 01:22 . 2012-02-15 01:22 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\938f42c2d694b3935ca890fee7d0c8a7\System.Data.DataSetExtensions.ni.dll
+ 2012-02-15 01:22 . 2012-02-15 01:22 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\cde466cd9b88dc7857c40ac43bf7632c\System.Configuration.Install.ni.dll
+ 2012-02-15 01:22 . 2012-02-15 01:22 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\081bebeff0574ed1969b05eafab5b342\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-15 01:22 . 2012-02-15 01:22 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\e88489a8cc6a68a7ebb4617d1a20e5e7\System.AddIn.ni.dll
+ 2012-02-14 23:00 . 2012-02-14 23:00 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\ba36345815c2011c3f054ebee01a0569\System.Activities.DurableInstancing.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\70edc7fbf7505880ab1652b35f6e9517\SMSvcHost.ni.exe
+ 2012-02-14 22:58 . 2012-02-14 22:58 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\9d160b8d7c69ce50ac1db59a8fa2bcb5\SMDiagnostics.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\dbb2bb145d0bac0d0615f52739ad2702\PresentationFramework.Aero.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\4d9a6f376f83a6ea5b71a678566ee1de\PresentationFramework.Royale.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3ec560f5f3b643e02b6025363034d624\PresentationFramework.Luna.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1767cdd5d245b5087045d1ad2fbdd8fd\PresentationFramework.Classic.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\66354d15846ee311cb5a749de631b829\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\385ffb17c4890d76682d1d0c81f39e09\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b16aace2ac6c7e7d6849f3a683776cd1\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\07db951fbbd939fc70b0b91a8fa83185\System.Transactions.ni.dll
+ 2012-02-14 22:09 . 2012-02-14 22:09 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\012cb4a4bd973425eac0dbe52cdcc721\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e558d70a5dbc430b5a2904eec156749d\System.Runtime.Remoting.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\746a79ac47809d2658daf85f2b5a2ad9\System.Dynamic.ni.dll
+ 2012-02-14 22:09 . 2012-02-14 22:09 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a58dbf4346bc2bd65df689cb6b25326c\System.ComponentModel.Composition.ni.dll
+ 2012-02-14 22:25 . 2012-02-14 22:25 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\89c1fb7b7684036e32dafff798d1a744\System.Activities.DurableInstancing.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\2dca989632203f2bc603d76492aff1f3\SMSvcHost.ni.exe
+ 2012-02-14 22:24 . 2012-02-14 22:24 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3ed5c98553688c7bd5fa0459ddc629bf\SMDiagnostics.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\870a3f81e3fa889dfd5f63ea813d1bb5\PresentationFramework.Royale.ni.dll
+ 2012-02-14 22:09 . 2012-02-14 22:09 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5bf1ff80129ae0bca17f47ccf3dbc0c4\PresentationFramework.Classic.ni.dll
+ 2012-02-14 22:09 . 2012-02-14 22:09 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\590ab08a24d15cb6891608c80fdebb1a\PresentationFramework.Luna.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e490e00323f6c05659cdf24dde69eee4\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4a9409b232987a471b8437cd0a35a3ea\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\02479fdb8796f3467d2813668058013a\WsatConfig.ni.exe
+ 2012-02-14 22:54 . 2012-02-14 22:54 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\57f4ab9013cd1319e5a9d6b8f7057c6e\WindowsFormsIntegration.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\aa5be24026d0dc9d7b2e51a745193c60\UIAutomationClient.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\164c2cfa491721e4223837cfbca79ae8\TaskScheduler.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\d888a727d865b1f8d7a83154102cbc1d\System.Xml.Linq.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\ea4822a400bd5ff38b103865d4f1e3d7\System.Web.Routing.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\c0aa83a72a8736fde1e50cac57dab718\System.Web.RegularExpressions.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b21a77586a291eb288955000326494e9\System.Web.Entity.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\7804841372f1a61f7c36b99f338b7b4f\System.Web.Entity.Design.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\f0c4d76c59e017fcd4abd95356f67956\System.Web.DynamicData.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0049cf9e127ccafef6f33882a3b74d03\System.Web.Abstractions.ni.dll
+ 2012-02-14 22:35 . 2012-02-14 22:35 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\45a8f4049e925c853f633f5ba4cd72d2\System.Transactions.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\41e4e08e8273cda3bbcbb82ef2e35c70\System.ServiceProcess.ni.dll
+ 2012-02-14 22:30 . 2012-02-14 22:30 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\39b7d0b607d4ace2d1a55ae6f9b0e917\System.Security.ni.dll
+ 2012-02-14 22:32 . 2012-02-14 22:32 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f210e4782ed03b5b50061a045c22e8cf\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\81b2f785e9a232737c72998423fa62bb\System.Net.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\70900b6f83edec5dcbeed17437f4db82\System.Messaging.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\c45d1dde7bf4066ce103d6b8678f19de\System.Management.Instrumentation.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 569344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\9caef795f0bc35c26f65564ff6e320d9\System.IO.Log.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\22ca604fec161530e9e4c0ab02d0ff1e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-14 22:35 . 2012-02-14 22:35 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\fd857ce0790fdcc2e50537c57dbbc7cc\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\6de8d042a6a0dba2d83d540c0c3ca96e\System.Drawing.Design.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\58e03908fbfa47440f46c030496e7088\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 493056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\5d0fb4c78cf05616d8431649786fff0c\System.Data.Services.Design.ni.dll
+ 2012-02-14 22:52 . 2012-02-14 22:52 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\909b4f5e352b7565d749f962c01d025c\System.Data.DataSetExtensions.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\ca6f2ff8271ee7d36af4530105cc6665\System.Configuration.Install.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\eef42f6591fefccfd1ab3c0bf1fcce1c\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\99243d571ccb4b70896191908de731fc\System.AddIn.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\88dff55e2296ef5bd0e416bc16f47381\SMSvcHost.ni.exe
+ 2012-02-14 22:46 . 2012-02-14 22:46 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\dc5cafe55b9d035e940c9f27fa14f537\SMDiagnostics.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a0a43ea786642a9526b33ca2b41c6752\PresentationFramework.Classic.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\364b11a05fd005f87b48516198a132a5\PresentationFramework.Aero.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0601f0db50b01246eb7609170572dd96\PresentationFramework.Luna.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\01237b493b547a4354809dcab56693b1\PresentationFramework.Royale.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\14f77e08a43ca0132689e8a5f539dca8\napsnap.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\1fb014a3775a87ea9713446809cc5f10\napinit.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\f3cb8dae5567dbf08daa81d51424c5c1\MSBuild.ni.exe
+ 2012-02-14 22:49 . 2012-02-14 22:49 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\8c131b90d66af84d65e5bfb73fca09ac\MMCFxCommon.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 681472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\d6ed8faac09ad64a649c8cfcedab520d\Microsoft.WSMan.Management.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\47811fe9bfdcf71d0e447f8402b6265d\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\29a1bc1403bcd07755545125a6923fa4\Microsoft.Vsa.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\3bfdad2d1f12c9befeadad4745d56565\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\fac9af958e890da8468929827f3328b9\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f84836d9f5358478fb60399de687494a\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d1b039892f3d31116e2e2bbf80908b8e\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\16335fee875c1d8d1054b3a9e73f3a87\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e53a91506e983c81963c830802220601\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\85588e3f0b3a5021cc015678b5b71c96\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\657dff1dba93d43e5bb8edbdd12db6f8\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4b85fa9800a0fe39997629cf2a264e77\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\471c948bc2d5092a6622ca5f5774e44c\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 797696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\0f37f34efc81e55b66557ba60d885c78\Microsoft.ManagementConsole.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\b56b95eac805c77e7935787d5bde0354\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\70519d89257a1c4319deafda04041276\Microsoft.Build.Utilities.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\a0eb52d70bc9d46142d926d74115a16f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\178466b242dae65b75d196bf7c71cc41\Mcx2Dvcs.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\45e7b14e800bf2a22eeae61b25785f89\mcupdate.ni.exe
+ 2012-02-14 22:47 . 2012-02-14 22:47 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4bc51d1b3ddceab62753711ab808aab5\mcstoredb.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\e92f86c4f83d2a73bd6397b427a6bea2\mcplayerinterop.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\983c77dced7a2bf3f2935b59b11d4094\mcGlidHostObj.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\6d9d461495df61360679c71c8a153b60\MCESidebarCtrl.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\de6cee53c76d0a8eb19455f4a8603d1f\EventViewer.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\96d3057a984cd7fb3fa00fd04915ba5e\ehRecObj.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\38ae2dbc06bd8b1f70c71df04b0e0143\ehExtHost.ni.exe
+ 2012-02-14 22:47 . 2012-02-14 22:47 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\95c3c095e4aff9487209d21544a8ce49\ehCIR.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\1c0716049a69a6f09842c95e39c88aad\ComSvcConfig.ni.exe
+ 2012-02-14 22:45 . 2012-02-14 22:45 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\5281fe12f02153a0fdf4a2a9485d00fb\BDATunePIA.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ebacd33f47bf395f66af1ca53c2a1c8a\WsatConfig.ni.exe
+ 2012-02-15 01:33 . 2012-02-15 01:33 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a0cec0099a537e10af5be76457a27db1\WindowsFormsIntegration.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba4e07d92829d993edf510cc0930b005\UIAutomationClient.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\fd21cc9e7282991a5b315da08555a533\TaskScheduler.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\37d2f9198ad4e605f216bee3d1f58691\System.Xml.Linq.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\abc5f2bd15f0a4a8a957c296e62e6d5d\System.Web.Routing.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\3235b159c025406d8b626db1aa09fad3\System.Web.RegularExpressions.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9be3d9596ac08d280da3d7a978e802bd\System.Web.Extensions.Design.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\3c34f6f1ac7f04f832d1964692020fb4\System.Web.Entity.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\df3587fb6492bbcc91d28d5eac3d0515\System.Web.Entity.Design.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2c47055ec299deef83c2c93680ed3aef\System.Web.DynamicData.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\cbb814a6e75310a62c6bf57d0220fa0b\System.Web.Abstractions.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f08bed8a99fdeed5f4ec538947851e29\System.Transactions.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5ca17001998a75ca774d2b80eead5579\System.ServiceProcess.ni.dll
+ 2012-02-14 22:43 . 2012-02-14 22:43 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2726e2ab6218f17a1bef5fe81130078c\System.Security.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9ba9c9f4251a1978433fb8a5b8b0e01\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\e62d625a59508410f047266f3377a447\System.Net.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\184feff3d7c15c27ec0345d27c954cab\System.Messaging.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\5487c4ce39dfd1712c6acbe72d74da8f\System.Management.Instrumentation.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\603780605b24668dfd6e85d01b301459\System.IO.Log.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\e5a4bc827a371428406fbc0a743bdbfe\System.IdentityModel.Selectors.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d32385362373fc2e4a60e0c1df1d313c\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d32385362373fc2e4a60e0c1df1d313c\System.EnterpriseServices.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1585bd27d37caf0c4becb2a94107c5e9\System.Drawing.Design.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a3ae72a9ded7bcee59d30e816554f410\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\798a88768617a3dc4436b1194a05c694\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d2629270057a355635f4c31c00aaf07a\System.Data.Services.Client.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1beb76511b6a67e342d65f42ff0815bd\System.Data.Services.Design.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\ec27ef869e1af9a4352594708b7cd7fb\System.Data.Entity.Design.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\5c88e22009cc6ffa451cb1ccd4a4b47e\System.Data.DataSetExtensions.ni.dll
+ 2012-02-14 22:43 . 2012-02-14 22:43 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\76f83cdfb08ecbdd557d94aecae04faa\System.Configuration.Install.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\64b7e2fa8a11164f2ae27b40e964907c\System.AddIn.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d071f953feda1b725369da479830eb88\SMSvcHost.ni.exe
+ 2012-02-15 01:27 . 2012-02-15 01:27 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb46ff3a7098925dd3f0552901668735\SMDiagnostics.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcb224eff8a955d6e50c4c101a101c4a\PresentationFramework.Classic.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46e0bdf49703779e61f23d3654733369\PresentationFramework.Royale.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1450308c4daa43ac886a5daffda0fbf8\PresentationFramework.Luna.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\ced701a3a48f6fca9e9fb48dbaff2ca9\napsnap.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\5f5e10bc18ec53327b8541d461be01d3\napinit.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\570958f58a7b129cd0144f68a729affe\MSBuild.ni.exe
+ 2012-02-15 01:28 . 2012-02-15 01:28 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\921c5ac836dabe56ffcaaed760b641f7\MMCFxCommon.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 531456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\5c36d28013ebf02deffc516dbac752ce\Microsoft.WSMan.Management.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4c35f544bfe27946fa0813c2334799ff\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ce2d651576a77738d881834836f9caf0\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\aa066d912933afa738b7f35a1833f212\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\53587eeda1839a02cbe0843aab741c3c\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 785920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\30182b7642e5de6fe66d65768c20ee41\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\18bcd4040b8e664cf9d8e5a7b8bd91ba\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\19f3e4fa2162474ccd21e4cae5349a0a\Microsoft.ManagementConsole.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f83d51fbc59eb8cbf1c9cd8046ce105a\Microsoft.Build.Utilities.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7dcdedb09ce98ee880a1b4c5cc394b9f\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\895f4724a7b8c51c57262b9ee6ada525\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\aa4ad0c8b50f5ae1304223cc464e335f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\2aa4e27292ee3bb5eb469162491ca79c\mcstoredb.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\b9e704d4f0a24ceffd38f7c3da8c154e\EventViewer.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\ce6bbabce153f04b967e48974dce3e46\ehRecObj.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\4e67fa064c2e0480e78a0bfd0d64be4a\ehExtHost32.ni.exe
+ 2012-02-15 01:26 . 2012-02-15 01:26 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\3700bd4fd9d1acf376ed8ac435b49b68\ComSvcConfig.ni.exe
+ 2012-02-15 01:26 . 2012-02-15 01:26 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\6c7304676a603cecc92657a0d23c8306\BDATunePIA.ni.dll
- 2011-12-14 06:45 . 2011-11-05 04:35 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-14 21:49 . 2011-12-16 08:02 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-14 21:50 . 2011-12-16 07:59 5999104 c:\windows\SysWOW64\mshtml.dll
- 2011-12-14 06:45 . 2011-11-05 04:34 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2012-02-14 21:49 . 2011-12-16 07:58 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2012-02-14 21:49 . 2011-12-16 08:45 1197568 c:\windows\system32\wininet.dll
- 2011-12-14 06:45 . 2011-11-05 05:26 1197568 c:\windows\system32\wininet.dll
- 2011-12-14 06:45 . 2011-11-05 05:26 1501184 c:\windows\system32\urlmon.dll
+ 2012-02-14 21:49 . 2011-12-16 08:45 1501184 c:\windows\system32\urlmon.dll
+ 2009-07-14 02:36 . 2012-02-15 02:30 1004390 c:\windows\system32\perfh009.dat
- 2011-12-14 06:45 . 2011-11-05 05:23 1026560 c:\windows\system32\mstime.dll
+ 2012-02-14 21:49 . 2011-12-16 08:42 1026560 c:\windows\system32\mstime.dll
+ 2012-02-14 21:50 . 2011-12-16 08:42 9335296 c:\windows\system32\mshtml.dll
+ 2012-02-14 21:49 . 2011-12-16 08:40 2458624 c:\windows\system32\iertutil.dll
- 2011-12-14 06:45 . 2011-11-05 05:22 2458624 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2011-12-15 06:28 5153656 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-02-14 22:28 5153656 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-02-14 22:31 3958236 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-31 22:19 3958236 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2012-02-14 21:50 . 2011-10-31 23:16 3182592 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2012-02-14 21:50 . 2011-10-31 23:17 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-10 22:03 . 2012-01-10 22:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-14 22:08 . 2012-02-14 22:08 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-26 21:36 . 2011-10-26 21:36 2829312 c:\windows\Installer\910e370.msp
+ 2012-02-03 20:13 . 2012-02-03 20:13 4988928 c:\windows\Installer\910e35d.msp
+ 2012-02-10 02:25 . 2012-02-10 02:25 3849216 c:\windows\Installer\149fa.msi
+ 2012-02-04 15:19 . 2012-02-04 15:19 3860480 c:\windows\Installer\116da7c3.msi
- 2009-12-04 00:17 . 2012-01-11 22:01 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-12-04 00:17 . 2012-01-11 22:01 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-12-04 00:17 . 2012-02-14 22:04 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-02-14 22:56 . 2012-02-14 22:56 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\9d5feeb6727e222673d5bd89f0620ddd\WindowsBase.ni.dll
+ 2012-02-15 01:26 . 2012-02-15 01:26 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\68f44d619637fac197ee6c8ac9f2aec9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ff247393a6deb90d63811aa88c84dc7e\System.Xml.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\e158bd31f13cbc20f6fc7c7f426113d7\System.Xaml.ni.dll
+ 2012-02-15 01:26 . 2012-02-15 01:26 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\843d0370292b7b124f9b9231f87e8e6a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\be0e793afecb54a67a688e4528676e70\System.Web.Services.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\ae3a837b63de8d3f3fc63a7bfc16589a\System.Speech.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\aec154cbfb0eec1497fb89ebd6deb344\System.ServiceModel.Discovery.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\80b8b6324a73493227b2672b2d6820d3\System.ServiceModel.Activities.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\717540eea541a2769a6cf621fd948678\System.Runtime.Serialization.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\dc7fbde064d5710780a6b8f27554dc57\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-14 22:59 . 2012-02-14 22:59 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\31c34917df5f24f1ffdd62bfa23f2fb7\System.Printing.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\15112a35e0e355fc344792e49c41628f\System.Management.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\bffc049b6775c3f6f144917a4387a0be\System.IdentityModel.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0443ad47a6be56beca12a7a13261c8ed\System.Drawing.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\d94ef12e883b2354af26f19ec7e25110\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\026c74ff72ba4fce837134953778e755\System.DirectoryServices.ni.dll
+ 2012-02-14 22:59 . 2012-02-14 22:59 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\e8e5fcc8e7eb9ce898be3c22e8902ee4\System.Deployment.ni.dll
+ 2012-02-14 22:59 . 2012-02-14 22:59 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\8d734fe538fe6f226eab465c8d8e3d5c\System.Data.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\83aa1c4f17f57067d3be29e560331349\System.Data.SqlXml.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\6a0bcd0e756819ea795b161d2156e9a8\System.Data.Services.Client.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\1548624d8ec5142825864c5f59be9b49\System.Data.Linq.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2672be84bcad1c772163d15db0e2864e\System.Configuration.ni.dll
+ 2012-02-15 01:22 . 2012-02-15 01:22 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\228bb21cab2c9ce2f69d5e24a9352a3f\System.ComponentModel.Composition.ni.dll
+ 2012-02-14 23:00 . 2012-02-14 23:00 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\36f5aa69b510e3aeb24ef402d12c20e0\System.Activities.ni.dll
+ 2012-02-15 01:22 . 2012-02-15 01:22 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\7be5ac01354a0c03d5587607687de1e1\System.Activities.Presentation.ni.dll
+ 2012-02-14 23:00 . 2012-02-14 23:00 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\8d549e47084ec2661c944a1eeb9a2be5\System.Activities.Core.Presentation.ni.dll
+ 2012-02-14 23:00 . 2012-02-14 23:00 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8d8f46afc9b2b65144f29a609f63398e\ReachFramework.ni.dll
+ 2012-02-14 22:58 . 2012-02-14 22:58 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\735f127d0957bacdfe6522f0b8a2dcb0\PresentationUI.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\710482e876a08aaf596a1418b13eb349\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6b82e7a7001a661cb712067b75b7c5ec\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\60ff6c1510fb0e2d70e616650eb7ae47\Microsoft.VisualBasic.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2e6537fafd64c81032b0aaebb7d3180a\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 01:24 . 2012-02-15 01:24 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\f38dbc9d7ebe981a7c22b72dffb4a2af\Microsoft.JScript.ni.dll
+ 2012-02-14 22:55 . 2012-02-14 22:55 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1cf22b5ea0ef63e71b6416a36b656b8a\Microsoft.CSharp.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
+ 2012-02-14 22:09 . 2012-02-14 22:09 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7aa036e91909e1bc5e1d35b673defab2\System.Runtime.Serialization.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a2011e79b6ef1c5381d110f75685008c\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\dcbff6c9c548b51344cc4ad4893646b2\System.Printing.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94f406f804865ec1ef81acaf426e48ca\System.DirectoryServices.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d612e5ab6df30b2018730c781e979ce8\System.Deployment.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\25a90057cd6623c3b3cc07e53c8de77a\System.Data.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\79ff5fcb68fc0f3dce4571f8fa950a51\System.Data.SqlXml.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\ae45172466a99ef79ed2ab3ae5ad0ef9\System.Data.Linq.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\3d60413b16725524801275d92249169b\System.Activities.ni.dll
+ 2012-02-14 22:25 . 2012-02-14 22:25 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\d92c6df050f16ca2610191d283d826bb\System.Activities.Core.Presentation.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\6f94955023126311d6aaa840f8852023\ReachFramework.ni.dll
+ 2012-02-14 22:24 . 2012-02-14 22:24 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\a593524fad58317c70d237d214a25204\PresentationUI.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\70a16497eb1cc16502203fb15014fd35\Microsoft.VisualBasic.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5c70caccfbb0d9706fc30b6cd9fc05f2\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2308d9bc9e1b4fa300140d447aa34d51\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-14 22:23 . 2012-02-14 22:23 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\38b6c0eb820c7b8ce3efb4bdfb6ba480\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\bc7e22b7991a4f23c6bb9e83e2241d05\Microsoft.CSharp.ni.dll
+ 2012-02-14 22:31 . 2012-02-14 22:31 4927488 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\72f21f61357658b9c6b7b4b1a1e33987\WindowsBase.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 1458688 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\a10c9fe07d5fe5e8c9aef9d7fff8b95a\UIAutomationClientsideProviders.ni.dll
+ 2012-02-14 22:30 . 2012-02-14 22:30 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\e27a134ab834ece4ba174b926a825e15\System.Xml.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 1817600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\9850a0978d0b56231a7f36f1f4ec9e1f\System.WorkflowServices.ni.dll
+ 2012-02-14 22:37 . 2012-02-14 22:37 2707456 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\c64b813d144af3db528b000e06fafde9\System.Workflow.Runtime.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 5955072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\617108e375db2d547ec78e8b6337a5ac\System.Workflow.ComponentModel.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\5481345c079323560b9ae19499b7e273\System.Workflow.Activities.ni.dll
+ 2012-02-14 22:35 . 2012-02-14 22:35 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\f8fa4f0a541be982825536ceec34fa1a\System.Web.Services.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\145e7ebef796c4b653664f377b07ae7a\System.Web.Mobile.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 3043840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\8dbb8f75d927391774fc50117e201a6d\System.Web.Extensions.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\699488179469a2284ab33c4f0df1b103\System.Web.Extensions.Design.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\965933e74d0cf876cef852295edff553\System.Speech.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\8155601451adac7127bf5a8607fd0138\System.ServiceModel.Web.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\32e23c5bb537840b23429b439afe35cd\System.Runtime.Serialization.ni.dll
+ 2012-02-14 22:35 . 2012-02-14 22:35 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\fb3749ebeb93d2a57a15e08ab6bb2180\System.Runtime.Remoting.ni.dll
+ 2012-02-14 22:34 . 2012-02-14 22:34 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\69658ce81a377802fdaf0f95f8cbd8f2\System.Printing.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 1408512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\0e9fbb272174b8bba217665ef24ce7a3\System.Management.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\4f40e646586dea662bd7370f3fe09d53\System.IdentityModel.ni.dll
+ 2012-02-14 22:35 . 2012-02-14 22:35 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\fd857ce0790fdcc2e50537c57dbbc7cc\System.EnterpriseServices.ni.dll
+ 2012-02-14 22:32 . 2012-02-14 22:32 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\e0f753de983bb53fd10baac20fd9fe01\System.Drawing.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 1229824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\94d9c7f1fb8a33779f2754b03d615bdf\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-14 22:34 . 2012-02-14 22:34 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\7cf15503b61829d997a83449555294c9\System.DirectoryServices.ni.dll
+ 2012-02-14 22:31 . 2012-02-14 22:31 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\1b329a61a6b477b45ee00f74a596ba4b\System.Deployment.ni.dll
+ 2012-02-14 22:34 . 2012-02-14 22:34 8692736 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\e0b90ee6ea2cfef9d25eec6cbbb2db58\System.Data.ni.dll
+ 2012-02-14 22:30 . 2012-02-14 22:30 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\8c61d77dc5e3268679be4cc2a15bedc8\System.Data.SqlXml.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 1846272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\3bd05ae6ad3ee5adb0868dc04a28fea7\System.Data.Services.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 1289728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\4beaa66f063c5ae7384f31e26d476e21\System.Data.Services.Client.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\a159fbb6848157ea51b5c8923f53a173\System.Data.OracleClient.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\e58c9f2d66916bb8f7da21d85f706415\System.Data.Linq.ni.dll
+ 2012-02-14 22:53 . 2012-02-14 22:53 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\9b2610bab980ce42d8a145c8c2af532b\System.Data.Entity.Design.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\7b94dfe397b4626f568ff83bd2b6e54e\System.Core.ni.dll
+ 2012-02-14 22:30 . 2012-02-14 22:30 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\b5fd9e39d77eac8135fc948b57bcbecc\System.Configuration.ni.dll
+ 2012-02-14 22:34 . 2012-02-14 22:34 3101696 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\f520e5f7757a233a8c744e8d3227463f\ReachFramework.ni.dll
+ 2012-02-14 22:34 . 2012-02-14 22:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\afd06bd9843b44728c48309c43fde52b\PresentationUI.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 1881088 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0eee18014e7cc8f4f6fcb4a322657089\PresentationBuildTasks.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\6b653a2d89621c5b293aa3f4c159373d\Narrator.ni.exe
+ 2012-02-14 22:51 . 2012-02-14 22:51 2327040 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\65bfcd307102d6b2f559ea944a831257\MMCEx.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\a4118bee5b662208c3da06151117f899\MIGUIControls.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\3b1e06a06617fec4e5c4708987ae64b9\Microsoft.VisualBasic.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 1598464 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\678bdf64864ecb76402731097d597f1a\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d4f3f3c87447de665525f51a9c510add\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99beef2cf536672c1f3f79fa275c85a6\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 2175488 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8f2cb5e410460b417295d3dd64e2531a\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-14 22:51 . 2012-02-14 22:51 5351424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\534900fb6ae887976feb70a3e4d11a5b\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f60ec0a7332d364d0920a43d933120ba\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d354d4143a28c3763fdfd7328db806bb\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 1516032 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a2b32a67efe6f8996a315b344e97c072\Microsoft.MediaCenter.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7eec424ec594f976e2b5312be9e9fd28\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5baca0c11e1180954822ecc71f423bb9\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 3208192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\84c24afb9fa89d5f52e53bd89c28dbb6\Microsoft.JScript.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\7dcd5f7bbba84aff028b37e2791ecd9c\Microsoft.Ink.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\cb1eb215189e73c8e6954c832af877cf\Microsoft.Build.Tasks.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 2677760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\99ca04fed6d48227fc547696d35ff210\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\53e48fdc63b81bf2bcff912f2a21d1c0\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 22:49 . 2012-02-14 22:49 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\15b1d9918d92e454a92d78b38817e324\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\02ccd3463707886826337c5e436d9990\mcstore.ni.dll
+ 2012-02-14 22:47 . 2012-02-14 22:47 4086784 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\c7c81899395ce306902b4483483646cb\mcepg.ni.dll
+ 2012-02-14 22:43 . 2012-02-14 22:43 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\7302baafd6c169c170e4cb9946cf8744\UIAutomationClientsideProviders.ni.dll
+ 2012-02-14 22:43 . 2012-02-14 22:43 7952384 c:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
+ 2012-02-14 22:43 . 2012-02-14 22:43 5452800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\83e604a790d14f761b938491d842e505\System.WorkflowServices.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\bb367de311a5a667d190a6692c712500\System.Workflow.Runtime.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0bbafbdfda6fd92b7fb4f73eea8232ee\System.Workflow.ComponentModel.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6ad8759175f1d88baaecf3778254ede8\System.Workflow.Activities.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e0dbdfca9d4a65b1189481a168295866\System.Web.Services.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\08da6943f50dc536ac83d9412c9467a0\System.Web.Mobile.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 2403840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\295c56a93b0e0870aebea1e1ff6c8a1c\System.Web.Extensions.ni.dll
+ 2012-02-15 01:33 . 2012-02-15 01:33 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\4fd17a17a3491ac0900ce695e0accd05\System.Speech.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\dbe077c5cdcef7f2165db3d73265272c\System.ServiceModel.Web.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a221123a83601a4a964218b3bd3f4fa6\System.Runtime.Serialization.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\378d6092f62088bb4c6df0c3b08738b8\System.Printing.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 8871936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\8fcf38adbfd33eef8396282da128b0e8\System.Management.Automation.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44d15a5bcd3143d53fd67b871c728616\System.IdentityModel.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 1586688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\63dc10cf90c6a9c70c95d21d15f20a96\System.DirectoryServices.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\633c6734669cdde71728a7d59f1ed1a6\System.Deployment.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 6618624 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
+ 2012-02-14 22:43 . 2012-02-14 22:43 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\24df52cfcb704a481e21428788c7dc22\System.Data.SqlXml.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\dce37eabe9bb4bd40a8393179071d3b5\System.Data.Services.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\d2dff86b5456eccada29a351a227ba44\System.Data.OracleClient.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\dfb2b5f2ce8da373b076adcf6fc39f47\System.Data.Linq.ni.dll
+ 2012-02-15 01:32 . 2012-02-15 01:32 9921024 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\433bb06af0bef1a0b4c275c5c126eb04\System.Data.Entity.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 2147328 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\98f8b2daee55f5bfbd8dbb0b54e4d9a6\ReachFramework.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bb6c78075c09c3687df6d5de89e4dfad\PresentationUI.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 1449984 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ce4a36b917a8cd24d1424e179ce7f36f\PresentationBuildTasks.ni.dll
+ 2012-02-15 01:30 . 2012-02-15 01:30 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\66f20ce02a8f1e7a694573367a7eddb9\Narrator.ni.exe
+ 2012-02-15 01:30 . 2012-02-15 01:30 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a51531417c51271078f842827a26c99c\MMCEx.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\acdc9c9f34623e58e9acca16034b0512\MIGUIControls.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4745cd79cd87ef98af5163b152088e28\Microsoft.VisualBasic.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c614532b38e34d7f4b952819f8bfa7c8\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 1705472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d3f39090f2a2686fd971970183e3ae49\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8ec0afbea5cbd2ce072ced4b778e50b9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\03416bdce17405414c3cc8fab96c70bb\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\db9d6e283344291ab71cb94015294a39\Microsoft.MediaCenter.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\a9d9608aba73e52c1163523848a54e9b\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-15 01:29 . 2012-02-15 01:29 2332672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\dd8c9dad457c919a28c818d5f6f2d457\Microsoft.JScript.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\fc50bce0e1ed23371ece4d8863086c25\Microsoft.Ink.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c70384fb53daf2c28d8a641f76c06d0e\Microsoft.Build.Tasks.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9bea316c60079f4ac7ce0353f312874f\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\154f4214ffb1488ed7fadf6381100569\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\c76b5554d3df1691a29c8916ca722104\mcstore.ni.dll
+ 2012-02-15 01:28 . 2012-02-15 01:28 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\2e569d0399135f239df7fd3f4d51c956\mcepg.ni.dll
+ 2012-02-14 21:50 . 2011-10-31 23:17 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-14 21:50 . 2012-01-04 09:03 12868096 c:\windows\SysWOW64\shell32.dll
+ 2012-02-14 21:49 . 2011-12-16 07:58 10991104 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 02:34 . 2012-02-17 20:00 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-01 14:04 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-02-14 21:50 . 2012-01-04 09:59 14164480 c:\windows\system32\shell32.dll
+ 2009-12-28 07:46 . 2012-02-14 22:01 54585368 c:\windows\system32\MRT.exe
+ 2012-02-14 21:49 . 2011-12-16 08:40 12372480 c:\windows\system32\ieframe.dll
+ 2012-02-14 22:04 . 2012-02-14 22:04 20333056 c:\windows\Installer\910e368.msp
+ 2012-02-14 22:09 . 2012-02-14 22:09 11879936 c:\windows\assembly\NativeImages_v4.0.30319_64\System\bbcac65b1d0045229354424a7595e258\System.ni.dll
+ 2012-02-14 22:59 . 2012-02-14 22:59 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\97347a1967260991cca95e94b5ba2d41\System.Windows.Forms.ni.dll
+ 2012-02-15 01:25 . 2012-02-15 01:25 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\49314ff27e3a21bbb1fb675a295f6571\System.ServiceModel.ni.dll
+ 2012-02-15 01:23 . 2012-02-15 01:23 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\78e35b4bf12ee4833ed720a490e958f2\System.Data.Entity.ni.dll
+ 2012-02-14 22:54 . 2012-02-14 22:54 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\fcefa2871c7dc4d397ff8c6f92abf0d5\System.Core.ni.dll
+ 2012-02-14 22:57 . 2012-02-14 22:57 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0dddbe96a81cd6869f9643fa2809d71\PresentationFramework.ni.dll
+ 2012-02-14 22:56 . 2012-02-14 22:56 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\efb6d518bb284cdc29a96068726320c0\PresentationCore.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
+ 2012-02-14 22:11 . 2012-02-14 22:11 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
+ 2012-02-14 22:10 . 2012-02-14 22:10 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
+ 2012-02-15 04:02 . 2012-02-15 04:02 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
- 2011-10-12 10:11 . 2011-10-12 10:11 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
+ 2012-02-14 22:30 . 2012-02-14 22:30 10605056 c:\windows\assembly\NativeImages_v2.0.50727_64\System\3d69c3a887aa1a4b35fdeea64aa5735b\System.ni.dll
+ 2012-02-14 22:32 . 2012-02-14 22:32 17379328 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3f482a320c87a6050710168acb9a85b4\System.Windows.Forms.ni.dll
+ 2012-02-14 22:35 . 2012-02-14 22:35 15252992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\b990f6f7a10900a8a9c0b622db77c4d2\System.Web.ni.dll
+ 2012-02-14 22:46 . 2012-02-14 22:46 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\9ffd6cb4f54f017fe6363aa29f9e2644\System.ServiceModel.ni.dll
+ 2012-02-14 22:50 . 2012-02-14 22:50 11898880 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\7eb9adb90ac86e12ed7dfa7065ba12f9\System.Management.Automation.ni.dll
+ 2012-02-14 22:36 . 2012-02-14 22:36 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\331539212c3e3b69d3a9d273fec2571e\System.Design.ni.dll
+ 2012-02-14 22:52 . 2012-02-14 22:52 13757952 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\d68eaefb3b0177f5e655fdb7fe1c3470\System.Data.Entity.ni.dll
+ 2012-02-14 22:34 . 2012-02-14 22:34 19169792 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\51b3b6c7f4e6e53b583906f88427581b\PresentationFramework.ni.dll
+ 2012-02-14 22:31 . 2012-02-14 22:31 16513024 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\c97b9ddcb9464742d0739ccef20f1b9c\PresentationCore.ni.dll
+ 2012-02-14 22:48 . 2012-02-14 22:48 25462272 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\ccf66ac146c031f1461896a142954c9c\ehshell.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 12431360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 11824128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
+ 2012-02-15 01:27 . 2012-02-15 01:27 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3623247db0c19cd14589e6f4d6cfb290\System.ServiceModel.ni.dll
+ 2012-02-14 22:45 . 2012-02-14 22:45 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\2de1178a4e6c8d13ae1994dc67ba657a\System.Design.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
+ 2012-02-14 22:44 . 2012-02-14 22:44 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 23:21 1299248 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-03 18:25 194848 ------w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-03-08 3972440]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"Xvid"="c:\program files (x86)\XviD\CheckUpdate.exe" [2011-01-17 8192]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-29 3077528]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-28 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 dump_wmimmc;dump_wmimmc;c:\netmarbleglobal\MiniFighter\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-27 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 22:43]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 22:43]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 18:45]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 18:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-21 7981088]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-!{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\asw6Noti.exe
.
**************************************************************************
.
Completion time: 2012-02-17 17:22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 22:22
ComboFix2.txt 2012-02-01 23:01
.
Pre-Run: 246,449,881,088 bytes free
Post-Run: 246,488,227,840 bytes free
.
- - End Of File - - 08A5EEA2407592A282E98FEC15FA8EF8

SystemLook 30.07.11 by jpshortstuff
Log created at 23:43 on 17/02/2012 by user
Administrator - Elevation successful

========== file ==========

C:\os604495.bin - File found and opened.
MD5: A785A2DD4815B243524EB08B34F50C2F
Created at 17:01 on 26/01/2010
Modified at 19:56 on 06/12/2011
Size: 652 bytes
Attributes: --ah---
No version information available.

C:\Windows\SysWow64\D9E9DCBFD8.sys - File found and opened.
MD5: C4DC8608B7F69431CD1D928572ADBCE7
Created at 17:50 on 05/01/2010
Modified at 17:50 on 05/01/2010
Size: 56 bytes
Attributes: -r-hs--
No version information available.

C:\ProgramData\5B5DB5DF3E.sys - File found and opened.
MD5: 06C4CA6806C607317456A5C8A3A8E02E
Created at 21:03 on 25/12/2009
Modified at 06:02 on 26/12/2009
Size: 88 bytes
Attributes: -r-hs--
No version information available.

========== reg ==========

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"IconServiceLib"="IconCodecService.dll"
"DdeSendTimeout"= 0x0000000000 (0)
"DesktopHeapLogging"= 0x0000000001 (1)
"GDIProcessHandleQuota"= 0x0000002710 (10000)
"ShutdownWarningDialogTimeout"= 0x00ffffffff (-1)
"USERNestedWindowLimit"= 0x0000000032 (50)
"USERPostMessageLimit"= 0x0000002710 (10000)
"USERProcessHandleQuota"= 0x0000002710 (10000)
@="mnmsrvc"
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
"TransmissionRetryTimeout"="90"
"RequireSignedAppInit_DLLs"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"="IconCodecService.dll"
"DdeSendTimeout"= 0x0000000000 (0)
"DesktopHeapLogging"= 0x0000000001 (1)
"GDIProcessHandleQuota"= 0x0000002710 (10000)
"ShutdownWarningDialogTimeout"= 0x00ffffffff (-1)
"USERNestedWindowLimit"= 0x0000000032 (50)
"USERPostMessageLimit"= 0x0000002710 (10000)
"USERProcessHandleQuota"= 0x0000002710 (10000)
@="mnmsrvc"
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
"TransmissionRetryTimeout"="90"
"RequireSignedAppInit_DLLs"= 0x0000000001 (1)

-= EOF =-

When I went to Virscan.org the page wouldn't load
 
#21 ·
Okay, as Virscan is having problems, can you see if you can scan the files here instead:

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\os604495.bin
  • Click on the submit button
  • Please post the results in your next reply.

And try again with these two:

C:\Windows\SysWow64\D9E9DCBFD8.sys
C:\ProgramData\5B5DB5DF3E.sys


---------

Can you also uninstall YouTube Downloader Toolbar and YouTube Downloader from AddRemove programs.

Then, can you run Systemlook again, with the following code:

Code:
:filefind
*YouTube Downloader
:folderfind
*YouTube Downloader
:regfind
*YouTube Downloader
----

Also, can you scan OTL again but this time it will only produce the one log, if you can post that :)

eddie
 
#22 ·
Jottie didn't find anything

OTL logfile created on: 2/25/2012 10:50:16 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 48.80% Memory free
7.99 Gb Paging File | 5.63 Gb Available in Paging File | 70.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 228.88 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 18:02:15 | 000,481,064 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/02/07 13:18:30 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/03 15:06:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/28 16:27:00 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/04 16:11:44 | 001,015,808 | ---- | M] () -- C:\Program Files (x86)\BYOND\bin\byond.exe
PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/05/25 01:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/27 22:00:21 | 000,397,176 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2010/04/29 15:16:26 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/08 16:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/15 00:03:36 | 000,429,040 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
MOD - [2012/02/15 00:03:34 | 003,772,912 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/15 00:02:10 | 000,122,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/15 00:02:08 | 000,220,672 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/15 00:02:07 | 001,747,456 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2012/02/14 21:00:24 | 008,593,568 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
MOD - [2012/02/14 21:00:24 | 008,593,568 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\APPLIC~1\170963~1.56\gcswf32.dll
MOD - [2012/02/14 18:02:13 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/02/14 18:02:05 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/02/14 18:02:04 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2012/02/14 18:02:04 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2012/02/14 18:02:04 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/10/04 16:11:44 | 001,015,808 | ---- | M] () -- C:\Program Files (x86)\BYOND\bin\byond.exe
MOD - [2011/10/04 16:11:14 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\BYOND\bin\byondwin.dll
MOD - [2011/10/04 16:10:56 | 001,941,504 | ---- | M] () -- C:\Program Files (x86)\BYOND\bin\byondcore.dll
MOD - [2011/10/04 16:10:18 | 001,900,544 | ---- | M] () -- C:\Program Files (x86)\BYOND\bin\byondext.dll
MOD - [2010/03/08 16:00:11 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/14 18:02:15 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/10 15:04:48 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/02/07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 01:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/27 13:54:56 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 13:52:20 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/05/31 10:31:10 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/04/29 15:16:26 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/27 14:57:48 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/29 01:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/25 01:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/27 13:55:24 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/05/31 10:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 10:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/03/26 14:07:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/02/18 04:25:57 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/24 18:50:25 | 000,089,680 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2009/11/24 18:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/24 18:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/11/24 18:49:10 | 000,053,840 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2009/11/24 18:49:00 | 000,027,216 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/02/08 08:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV - [2010/05/31 10:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD BC 83 20 0A F0 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@SparkplayMedia.com/Sparkplayer (Beta): C:\Users\user\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

[2010/05/20 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/02/06 16:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: answers.yahoo.com (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\BYOND\bin\npbyond.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Sparkplayer (Beta) (Enabled) = C:\Users\user\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/02/17 17:17:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\XviD\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D3948F2-4C59-4A78-9B28-3E7278201FB8}: DhcpNameServer = 167.206.254.2 167.206.254.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 05:45:28 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Phoenix
[2012/02/23 15:33:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\VXA Scripts
[2012/02/22 20:46:49 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Chibi XP
[2012/02/22 20:30:28 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RPGVXAce_RTP100
[2012/02/22 20:01:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Enterbrain
[2012/02/22 19:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker VX Ace
[2012/02/22 19:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RPG Maker VX Ace
[2012/02/22 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RPG Maker VX Ace Full
[2012/02/19 19:05:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\LSX
[2012/02/17 17:17:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/15 05:25:47 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder (7)
[2012/02/14 16:50:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 16:50:21 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 16:50:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 16:50:10 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 16:49:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/14 16:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/14 16:49:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/14 16:49:48 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/14 16:49:48 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/14 16:49:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/14 16:49:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 16:49:47 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/14 16:49:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/14 16:49:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/14 16:49:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/14 16:49:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/14 16:49:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/14 16:49:45 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/14 16:49:45 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/11 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\sdf c
[2012/02/11 10:55:53 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder (6)
[2012/02/09 21:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/09 21:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/02/09 21:27:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/09 13:52:38 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder (4)
[2012/02/09 07:28:41 | 000,000,000 | ---D | C] -- C:\ERDNT
[2012/02/09 07:28:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/02/09 07:28:21 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2012/02/09 07:23:27 | 001,093,459 | ---- | C] (Zoll Technologies) -- C:\Users\user\Desktop\FixIEDef.exe
[2012/02/07 14:25:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\343-368[Vanillapunk]HD
[2012/02/07 14:22:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\299-342[Vegapunk]HD
[2012/02/06 16:07:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/03 15:06:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/02/01 01:04:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/01 00:41:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/01 00:41:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/01 00:41:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/01 00:41:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/01 00:41:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/01 00:39:13 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\user\Desktop\username123.exe
[2012/01/31 04:05:26 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 04:05:25 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 04:05:25 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 04:05:25 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 04:05:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/31 04:05:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/30 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2012/01/30 20:37:59 | 002,059,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/01/30 20:19:55 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/29 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/29 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/29 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/29 18:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/29 18:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/29 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/29 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/01/29 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/29 11:23:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/29 11:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/29 11:00:41 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\RPGVXAce
[2012/01/28 16:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/01/28 16:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2009/12/26 03:32:13 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

========== Files - Modified Within 30 Days ==========

[2012/02/25 10:45:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001UA.job
[2012/02/25 10:40:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/25 09:39:15 | 183,310,434 | ---- | M] () -- C:\Users\user\Desktop\Raising.Hope.S02E15.HDTV.XviD-LOL.avi
[2012/02/25 00:40:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 14:28:06 | 000,016,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 14:28:06 | 000,016,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 14:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/24 14:18:54 | 3217,772,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/24 13:14:25 | 000,000,900 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/02/24 12:44:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2574968984-2760118976-3780075422-1001Core.job
[2012/02/23 15:51:31 | 000,001,682 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/22 19:58:47 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\RPG Maker VX Ace.lnk
[2012/02/22 08:42:27 | 002,091,322 | ---- | M] () -- C:\Users\user\Desktop\Battlefield 3 - Jet Swap.3gp
[2012/02/21 21:27:56 | 183,257,152 | ---- | M] () -- C:\Users\user\Desktop\Raising.Hope.S02E14.HDTV.XviD-LOL.avi
[2012/02/18 18:36:59 | 000,166,484 | ---- | M] () -- C:\Users\user\Desktop\HbszQ.png
[2012/02/18 18:17:36 | 001,262,851 | ---- | M] () -- C:\Users\user\Desktop\MssEff-Rev_www.nladevilz.info.pdf
[2012/02/17 17:17:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/17 13:53:31 | 000,001,453 | ---- | M] () -- C:\Users\user\Desktop\ComboFix - Shortcut.lnk
[2012/02/17 01:46:36 | 000,002,395 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/02/15 05:56:46 | 000,951,467 | ---- | M] () -- C:\Users\user\Desktop\Nerds can never love.3gp
[2012/02/15 05:51:10 | 001,733,095 | ---- | M] () -- C:\Users\user\Desktop\An Apartment 51 Valentine.3gp
[2012/02/15 05:09:05 | 2178,900,632 | ---- | M] () -- C:\Users\user\Desktop\Elder Scrolls V Skyrim [PC] Full Game 2011.rar
[2012/02/15 04:53:51 | 001,079,795 | ---- | M] () -- C:\Users\user\Desktop\Zelda Timeline.jpg
[2012/02/15 04:29:18 | 005,655,446 | ---- | M] () -- C:\Users\user\Desktop\(Skyrim) Macho Dragon Mod.3gp
[2012/02/14 22:09:25 | 000,460,709 | ---- | M] () -- C:\Users\user\Desktop\Come at me Bro.png
[2012/02/14 21:30:28 | 001,004,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/14 21:30:28 | 000,236,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/14 21:30:28 | 000,005,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/14 17:28:48 | 005,153,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/13 20:41:41 | 873,902,080 | ---- | M] () -- C:\Users\user\Desktop\Pokemon Movie 14 - Black - Victini and Reshiram {C_P}.avi
[2012/02/12 17:22:25 | 981,773,908 | ---- | M] () -- C:\Users\user\Desktop\Pokemon Movie 13 Zoroark Master of Illusions [720p][C-W].mkv
[2012/02/12 16:07:13 | 183,052,916 | ---- | M] () -- C:\Users\user\Desktop\Raising.Hope.S02E13.HDTV.XviD-LOL.avi
[2012/02/12 08:25:44 | 002,418,646 | ---- | M] () -- C:\Users\user\Desktop\I'm Raving.mp3
[2012/02/12 08:18:55 | 002,551,296 | ---- | M] () -- C:\Users\user\Desktop\Runaway.mp3
[2012/02/12 07:08:17 | 000,165,376 | ---- | M] () -- C:\Users\user\Desktop\SystemLook_x64.exe
[2012/02/11 12:31:03 | 009,195,018 | ---- | M] () -- C:\Users\user\Desktop\469175_15._flying_n_stuff_.mp3
[2012/02/11 11:28:11 | 014,940,920 | ---- | M] () -- C:\Users\user\Desktop\DU 10.894.zip
[2012/02/10 14:46:35 | 000,000,204 | ---- | M] () -- C:\Users\user\Documents\PWOOptions.ini
[2012/02/10 01:41:25 | 010,467,078 | ---- | M] () -- C:\Users\user\Desktop\Super Smash.3gp
[2012/02/09 23:19:45 | 011,970,592 | ---- | M] () -- C:\Users\user\Desktop\Link to the Future Fan Film.3gp
[2012/02/09 20:03:14 | 003,846,185 | ---- | M] () -- C:\Users\user\Desktop\467018_Avast_.mp3
[2012/02/09 07:23:29 | 001,093,459 | ---- | M] (Zoll Technologies) -- C:\Users\user\Desktop\FixIEDef.exe
[2012/02/08 19:04:48 | 002,145,719 | ---- | M] () -- C:\Users\user\Desktop\85046_newgrounds_parago.mp3
[2012/02/05 17:22:56 | 000,926,131 | ---- | M] () -- C:\Users\user\Desktop\Drums.jpg
[2012/02/05 09:32:27 | 013,223,003 | ---- | M] () -- C:\Users\user\Desktop\One Piece in 6 Minutes.3gp
[2012/02/05 09:01:50 | 025,542,755 | ---- | M] () -- C:\Users\user\Documents\Magikarp vs Magikarp.flv
[2012/02/04 12:48:50 | 005,542,914 | ---- | M] () -- C:\Users\user\Documents\Tangled - Film Clip - Maximus and Flynn.flv
[2012/02/03 15:06:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/02/01 20:29:32 | 003,907,584 | ---- | M] () -- C:\Users\user\Desktop\End of the world.mp3
[2012/02/01 00:39:19 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\user\Desktop\username123.exe
[2012/01/31 02:47:37 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/30 20:38:08 | 002,059,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/01/30 20:20:17 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/29 18:18:48 | 000,002,971 | ---- | M] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2012/01/29 18:00:24 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/29 11:24:00 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 16:26:52 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

========== Files Created - No Company Name ==========

[2012/02/25 09:36:27 | 183,310,434 | ---- | C] () -- C:\Users\user\Desktop\Raising.Hope.S02E15.HDTV.XviD-LOL.avi
[2012/02/22 19:58:47 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\RPG Maker VX Ace.lnk
[2012/02/22 08:42:26 | 002,091,322 | ---- | C] () -- C:\Users\user\Desktop\Battlefield 3 - Jet Swap.3gp
[2012/02/21 21:20:06 | 183,257,152 | ---- | C] () -- C:\Users\user\Desktop\Raising.Hope.S02E14.HDTV.XviD-LOL.avi
[2012/02/18 18:37:03 | 000,166,484 | ---- | C] () -- C:\Users\user\Desktop\HbszQ.png
[2012/02/18 18:17:33 | 001,262,851 | ---- | C] () -- C:\Users\user\Desktop\MssEff-Rev_www.nladevilz.info.pdf
[2012/02/17 13:53:31 | 000,001,453 | ---- | C] () -- C:\Users\user\Desktop\ComboFix - Shortcut.lnk
[2012/02/15 05:56:45 | 000,951,467 | ---- | C] () -- C:\Users\user\Desktop\Nerds can never love.3gp
[2012/02/15 05:51:09 | 001,733,095 | ---- | C] () -- C:\Users\user\Desktop\An Apartment 51 Valentine.3gp
[2012/02/15 04:53:46 | 001,079,795 | ---- | C] () -- C:\Users\user\Desktop\Zelda Timeline.jpg
[2012/02/15 04:49:39 | 2178,900,632 | ---- | C] () -- C:\Users\user\Desktop\Elder Scrolls V Skyrim [PC] Full Game 2011.rar
[2012/02/15 04:29:15 | 005,655,446 | ---- | C] () -- C:\Users\user\Desktop\(Skyrim) Macho Dragon Mod.3gp
[2012/02/14 22:09:25 | 000,460,709 | ---- | C] () -- C:\Users\user\Desktop\Come at me Bro.png
[2012/02/13 20:24:26 | 873,902,080 | ---- | C] () -- C:\Users\user\Desktop\Pokemon Movie 14 - Black - Victini and Reshiram {C_P}.avi
[2012/02/12 17:01:26 | 981,773,908 | ---- | C] () -- C:\Users\user\Desktop\Pokemon Movie 13 Zoroark Master of Illusions [720p][C-W].mkv
[2012/02/12 16:02:27 | 183,052,916 | ---- | C] () -- C:\Users\user\Desktop\Raising.Hope.S02E13.HDTV.XviD-LOL.avi
[2012/02/12 08:25:42 | 002,418,646 | ---- | C] () -- C:\Users\user\Desktop\I'm Raving.mp3
[2012/02/12 08:18:53 | 002,551,296 | ---- | C] () -- C:\Users\user\Desktop\Runaway.mp3
[2012/02/12 07:08:16 | 000,165,376 | ---- | C] () -- C:\Users\user\Desktop\SystemLook_x64.exe
[2012/02/11 12:30:50 | 009,195,018 | ---- | C] () -- C:\Users\user\Desktop\469175_15._flying_n_stuff_.mp3
[2012/02/11 10:32:03 | 014,940,920 | ---- | C] () -- C:\Users\user\Desktop\DU 10.894.zip
[2012/02/10 01:41:19 | 010,467,078 | ---- | C] () -- C:\Users\user\Desktop\Super Smash.3gp
[2012/02/09 23:19:37 | 011,970,592 | ---- | C] () -- C:\Users\user\Desktop\Link to the Future Fan Film.3gp
[2012/02/09 20:03:10 | 003,846,185 | ---- | C] () -- C:\Users\user\Desktop\467018_Avast_.mp3
[2012/02/08 19:04:45 | 002,145,719 | ---- | C] () -- C:\Users\user\Desktop\85046_newgrounds_parago.mp3
[2012/02/05 16:24:29 | 000,926,131 | ---- | C] () -- C:\Users\user\Desktop\Drums.jpg
[2012/02/05 09:32:20 | 013,223,003 | ---- | C] () -- C:\Users\user\Desktop\One Piece in 6 Minutes.3gp
[2012/02/05 08:56:23 | 025,542,755 | ---- | C] () -- C:\Users\user\Documents\Magikarp vs Magikarp.flv
[2012/02/05 07:15:38 | 134,217,728 | ---- | C] () -- C:\Users\user\Desktop\5719_-_Yu_Gi_Oh_5Ds_World_Championship_2011_Over_The_Nexus_USA_NDS-PLAYTHIS.nds
[2012/02/04 12:48:32 | 005,542,914 | ---- | C] () -- C:\Users\user\Documents\Tangled - Film Clip - Maximus and Flynn.flv
[2012/02/01 20:29:33 | 003,907,584 | ---- | C] () -- C:\Users\user\Desktop\End of the world.mp3
[2012/02/01 00:41:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/01 00:41:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/01 00:41:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/01 00:41:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/01 00:41:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/30 20:48:56 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/29 18:18:48 | 000,002,971 | ---- | C] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2012/01/29 18:00:24 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/29 11:24:00 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 16:26:52 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/12/24 15:03:11 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/12/14 17:16:45 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/11/09 17:40:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/01/13 05:38:05 | 000,000,066 | ---- | C] () -- C:\Windows\Easy MOV Converter.INI
[2011/01/07 00:20:55 | 000,000,593 | ---- | C] () -- C:\Users\user\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2010/10/20 16:30:48 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/19 03:25:25 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/06/19 03:07:28 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/11 17:04:32 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/04/29 15:16:28 | 000,215,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/29 15:16:26 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010/04/29 15:16:26 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/17 22:39:19 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010/01/29 12:04:16 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/01/14 18:17:53 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 12:50:20 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\D9E9DCBFD8.sys
[2010/01/05 12:50:18 | 000,000,900 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/12/30 01:20:17 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/12/27 19:38:07 | 000,095,151 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2009/12/25 16:03:27 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/12/25 16:03:27 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5B5DB5DF3E.sys
[2009/12/11 01:40:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\nbzlib.dll
[2009/12/11 01:40:16 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\NBAsm.dll
[2009/12/03 19:14:38 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/08/23 10:06:44 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/23 09:43:46 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2001/06/21 13:13:48 | 000,081,332 | ---- | C] () -- C:\Windows\SysWow64\bass.dll

========== Files - Unicode (All) ==========
[2012/01/29 11:00:04 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG????VX Ace ???) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPGツクールVX Ace 体験版
[2010/08/18 21:49:12 | 000,000,000 | ---D | M](C:\Users\user\Documents\?? ???) -- C:\Users\user\Documents\넥슨 플러그
[2010/08/18 21:49:12 | 000,000,000 | ---D | C](C:\Users\user\Documents\?? ???) -- C:\Users\user\Documents\넥슨 플러그

< End of report >
 
#23 ·
Do you know what these are? If so, that's fine, I'll leave them alone :)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG????VX Ace ???) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPGツクールVX Ace 体験版
C:\Users\user\Documents\넥슨 플러그
C:\Users\user\Documents\넥슨 플러그

Apart from that, its looking good so can you run this tool for me now :)

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top