Redirect My Redirect Bug

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Redirect My Redirect Bug Have redirect virus and fake security warnings

#1 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 03 August 2011 - 11:00 PM

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by KGH at 22:34:51 on 2011-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3949.2680 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\geswall\gswserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
F:\A LAUNCHER\Internet and Email\uTorrent\PSI\PSIA.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
F:\A LAUNCHER\Internet and Email\uTorrent\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\ASUS Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
C:\Users\KGH\Documents\Documents\My EverNote Files\Program Files\UniClipper.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\PicPick\picpick.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\SearchIndexer.exe
F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psi_tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Program Files (x86)\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearch.exe
C:\PROGRA~2\COPERN~1\DESKTO~3.EXE
C:\Users\KGH\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Users\KGH\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://http://www.ask.com?o=15784&l=dis
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,C:\Program Files (x86)\geswall\gswui.exe,
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\KGH\AppData\Roaming\Complitly\AutocompletePro.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - C:\Program Files (x86)\Copernic Desktop Search - Home\DeskbandIntegration304000026.dll
uRun: [UniClipper] "C:\Users\KGH\Documents\Documents\My EverNote Files\Program Files\UniClipper.exe"
uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
uRun: [Google Update] "C:\Users\KGH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [IpSharkk] "C:\Program Files\IpSharkk\IpSharkk.exe" /auto
uRun: [TorrentEasy_2c35212376e63764a543f9f1d0984690f778e0a6] "C:\Users\KGH\Desktop\TorrentEasy-padi-enriched-air-diving-dvd-2006.exe"
uRun: [Copernic Desktop Search - Home] "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
uRun: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [RockMelt Update] "C:\Users\KGH\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\KGH\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\KGH\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://C:\ProgramFiles (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\ProgramFiles (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\ProgramFiles (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\ProgramFiles (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\ProgramFiles (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\ProgramFiles (x86)\LastPass\context.html?cmd=fillforms
IE: {4713C0DC-8162-411D-B5BC-CB7D24E17770} - C:\Program Files (x86)\Video Ads Blocker\addblocker.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4} : DhcpNameServer = 172.16.1.254
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\3505C4F5A43575F5055524 : DhcpNameServer = 10.191.224.2 10.191.239.1
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\4454E4F59405143535 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\4454E4F59405143535 : DhcpNameServer = 172.19.255.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\KGH\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SkypeGadget1.3.gadget\wrapper\Skype4COM.dll
SEH: GeSWall Shell Extension: {f6acc71c-420b-4a95-905c-c7534706813c} - C:\Program Files (x86)\geswall\gswshext.dll
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\KGH\AppData\Roaming\Complitly\AutocompletePro.dll
BHO-X64: AC-Pro - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Copernic Desktop Search - Home Toolbar: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
EB-X64: {9C3FCA1F-99E3-48F2-A7F4-DD3931B2F99A} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {4713C0DC-8162-411D-B5BC-CB7D24E17770} - C:\Program Files (x86)\Video Ads Blocker\addblocker.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: GeSWall Shell Extension: {F6ACC71C-420B-4a95-905C-C7534706813C} - C:\Program Files (x86)\geswall\gswshext.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://http://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector\components\CSPXPCOMBridge.dll
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\KGH\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\KGH\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Users\KGH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\KGH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Gish It!: gish-it.ffext@gishpuppy - %profile%\extensions\gish-it.ffext@gishpuppy
FF - Ext: LastPass:support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Stop Autoplay: {2e61e246-e640-4c56-b1ed-f146dbed48cd} - %profile%\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Empty Cache Button: {4cc4a13b-94a6-7568-370d-5f9de54a9c7f} - %profile%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com>: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF - Ext: CopernicDesktop Search - Home Connector: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0} - C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 gswserv;GeSWall service;C:\Program Files (x86)\geswall\gswserv.exe [2010-12-6 970752]
R2 Secunia PSI Agent;Secunia PSI Agent;F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;F:\A LAUNCHER\Internet and Email\uTorrent\PSI\sua.exe [2011-1-10 399416]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-11 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
R3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-17 1025352]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-6 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-6 8456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-03 23:44:32 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4683678F-BFA8-4FBE-B38A-CCE22743EF52}\mpengine.dll
2011-08-02 08:00:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-02 08:00:41 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-19 22:01:59 -------- d-----w- C:\Users\KGH\AppData\Local\RockMelt
2011-07-19 21:32:01 -------- d-----w- C:\Program Files\CCleaner
2011-07-13 01:53:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-07-13 01:53:56 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-07-13 01:53:54 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-07-14 08:54:59 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-30 04:49:02 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-21 03:20:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-16 06:19:58 121681 ----a-w- C:\Windows\File Renamer - Basic Uninstaller.exe
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-16 07:52:37 5632 ----a-w- C:\Windows\System32\bbchlp.dll
2011-05-16 07:52:37 4608 ----a-w- C:\Windows\System32\drivers\bbcap.sys
2011-05-16 07:52:37 37376 ----a-w- C:\Windows\System32\bbcap.dll
2011-05-14 07:25:06 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-05-14 07:25:06 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-05-14 07:25:06 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-05-14 07:24:33 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-05-14 07:22:25 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-05-14 07:16:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-05-14 06:28:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-05-14 06:24:36 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-05-14 06:24:08 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-05-14 06:22:24 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-05-14 04:20:05 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-05-14 04:20:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 22:35:33.10 ===============

#2 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 10 August 2011 - 04:27 AM

Hello ,
And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 11 August 2011 - 11:58 PM

Hello Elise, :thumbsup:

Thank you very much for taking my problem. Your help is greatly appreciated.

Here are the materials you requested.

Problems: Note: This problem began while working on a post involving my PC called "XP ANTIVIRUS 2011 Trojan.Qhost.lxe I can't remove this stuff" http://www.bleepingcomputer.com/forums/index.php?app=members&module=messaging&section=view&do=showConversation&topicID=119790

1.My laptop has started to redirect my searches. Unlike the problem I had with my PC, the screen never actually says "redirect". The rogue page just shows up.

2. There was a one-time flash of the "you are infected with *ware click here, vibrating message." It looked like a Microsoft Essentials message. I didn't click anything and it seems to have gone away.

3. I cannot log into Bleeping Computer on the laptop. It just hangs.

4. Just now I tried to use Evernote to write this summary. Pressing the Evernote icon yielded a large black square with Windows Security on a very narrow red frame. http://www.bleepingcomputer.com/forums/public/style_emoticons/default/wacko.gif

5. I tried opening Evernote another way and got a hopeless mess.

6. I have tried nothing else to see if anything else is going on .

7. I just ran this fresh dds.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by KGH at 17:06:51 on 2011-08-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3949.2930 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\geswall\gswserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
F:\A LAUNCHER\Internet and Email\uTorrent\PSI\PSIA.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
F:\A LAUNCHER\Internet and Email\uTorrent\PSI\sua.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ASUS Bluetooth Suite\BtvStack.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\PicPick\picpick.exe
C:\Users\KGH\Documents\Documents\My EverNote Files\Program Files\UniClipper.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psi_tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\KGH\Documents\Documents\My EverNote Files\Program Files\EverNote.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15784&l=dis
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\KGH\AppData\Roaming\Complitly\AutocompletePro.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe
uRun: [UniClipper] "C:\Users\KGH\Documents\Documents\My EverNote Files\Program Files\UniClipper.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {4713C0DC-8162-411D-B5BC-CB7D24E17770} - C:\Program Files (x86)\Video Ads Blocker\addblocker.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4} : DhcpNameServer = 172.16.1.254
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\3505C4F5A43575F5055524 : DhcpNameServer = 10.191.224.2 10.191.239.1
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\4454E4F59405143535 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\4454E4F59405143535 : DhcpNameServer = 172.19.255.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\KGH\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SkypeGadget1.3.gadget\wrapper\Skype4COM.dll
SEH: GeSWall Shell Extension: {f6acc71c-420b-4a95-905c-c7534706813c} - C:\Program Files (x86)\geswall\gswshext.dll
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\KGH\AppData\Roaming\Complitly\AutocompletePro.dll
BHO-X64: AC-Pro - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Copernic Desktop Search - Home Toolbar: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
IE-X64: {4713C0DC-8162-411D-B5BC-CB7D24E17770} - C:\Program Files (x86)\Video Ads Blocker\addblocker.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: GeSWall Shell Extension: {F6ACC71C-420B-4a95-905C-C7534706813C} - C:\Program Files (x86)\geswall\gswshext.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\KGH\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\KGH\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Users\KGH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\KGH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Stop Autoplay: {2e61e246-e640-4c56-b1ed-f146dbed48cd} - %profile%\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 gswserv;GeSWall service;C:\Program Files (x86)\geswall\gswserv.exe [2010-12-6 970752]
R2 Secunia PSI Agent;Secunia PSI Agent;F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;F:\A LAUNCHER\Internet and Email\uTorrent\PSI\sua.exe [2011-1-10 399416]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-11 2314240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
R3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-17 1025352]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-6 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-6 8456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-11 135664]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-11 22:48:01 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A92CE7D-1E74-4252-9208-80B3A623FC1D}\mpengine.dll
2011-08-10 19:29:20 -------- d-----w- C:\Program Files (x86)\CodeStuff
2011-08-10 19:11:42 -------- d--h--w- C:\ASUS.DAT
2011-08-10 08:44:05 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-10 08:01:17 98816 ----a-w- C:\Windows\sed.exe
2011-08-10 08:01:17 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-10 08:01:17 256000 ----a-w- C:\Windows\PEV.exe
2011-08-10 08:01:17 208896 ----a-w- C:\Windows\MBR.exe
2011-08-10 08:00:42 -------- d-----w- C:\ComboFix
2011-08-10 07:36:57 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-02 08:00:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-02 08:00:41 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-19 22:01:59 -------- d-----w- C:\Users\KGH\AppData\Local\RockMelt
2011-07-19 21:32:01 -------- d-----w- C:\Program Files\CCleaner
2011-07-13 01:53:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-07-13 01:53:56 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-07-13 01:53:54 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-08-11 22:47:10 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-30 04:49:02 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 03:20:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-16 06:19:58 121681 ----a-w- C:\Windows\File Renamer - Basic Uninstaller.exe
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-16 07:52:37 5632 ----a-w- C:\Windows\System32\bbchlp.dll
2011-05-16 07:52:37 4608 ----a-w- C:\Windows\System32\drivers\bbcap.sys
2011-05-16 07:52:37 37376 ----a-w- C:\Windows\System32\bbcap.dll
.
============= FINISH: 17:07:07.26 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/08/2010 10:49:39 PM
System Uptime: 11/08/2011 4:25:01 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K72Jk
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz | Socket 989 | 2267/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 54.08 GiB free.
D: is FIXED (NTFS) - 333 GiB total, 208.747 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
==== System Restore Points ===================
.
RP198: 18/07/2011 2:18:18 AM - Windows Update
RP199: 21/07/2011 3:24:13 AM - Windows Update
RP200: 01/08/2011 6:40:44 PM - Windows Update
RP201: 02/08/2011 2:00:10 AM - Windows Update
RP202: 09/08/2011 4:13:58 AM - Windows Update
RP203: 10/08/2011 2:00:12 AM - Windows Update
RP204: 10/08/2011 2:20:33 PM - Windows Update
RP205: 11/08/2011 4:21:42 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Alcor Micro USB Card Reader
Antiphishing Domain Advisor
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ATK Package
µTorrent
Audacity 1.2.6
Auslogics Disk Defrag
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BackUp Maker v6.2
BB FlashBack Express
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CleanMem
CodeStuff Starter
Complitly
ControlDeck
Copernic Desktop Search - Home
CyberLink LabelPrint
CyberLink Power2Go
Dexpot
Dropbox
DVD Shrink 3.2
DVDFab 8.0.9.2 (12/05/2011) Qt
EASEUS Partition Master 8.0.1 Home Edition
Empty Temp Folders 2.8.3
Evernote v. 4.1
File Renamer - Basic
FormatFactory 2.60
Free Disk Analyzer
Free Download Manager 3.0
Free YouTube Downloader 3.2.77
GeSWall 2.9.1 Freeware
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
IcoFX 1.6.4
IDT Audio
Intel® Management Engine Components
Intel® Turbo Boost Technology Driver
IrfanView (remove only)
iWisoft Free Video Converter 1.2
IZArc 4.1.2
Java Auto Updater
Java™ 6 Update 26
K-Meleon 1.5.4 en-US (remove only)
K_Series_ScreenSaver_EN
LastPass (uninstall only)
LightBox Free Image Editor
Malwarebytes' Anti-Malware version 1.51.1.1800
Maxthon Browser (remove only)
Media Player Classic - Home Cinema v1.5.1.2903
Media Player Codec Pack 4.0.0
MFC RunTime files
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miro Video Converter
Mozilla Firefox (3.6.18)
MSXML 4.0 SP3 Parser (KB973685)
OpenOffice.org 3.3
Opera 11.50
Panda USB Vaccine 1.0.1.4
Paragon Backup & Recovery™ 2010 Free Advanced
PicPick
QuickTime
RockMelt
Safari
Secunia PSI (2.0.0.3001)
SIW version 2010.07.14
Skype™ 5.3
SRWare Iron 11.0.700.3
The KMPlayer (remove only)
The Off By One Web Browser
Video Ads Blocker 2.0 (remove only)
Visual Studio 2008 x64 Redistributables
Windows Live Sync
WinFlash
Wireless Console 3
xplorer² lite 32 bit
XYplorer 9.80
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
11/08/2011 4:26:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 GeSWall SASDIFSV SASKUTIL
11/08/2011 4:26:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Secunia Update Agent service to connect.
11/08/2011 4:26:48 PM, Error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/08/2011 3:24:57 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/08/2011 3:24:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/08/2011 3:24:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/08/2011 3:24:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/08/2011 3:24:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/08/2011 3:24:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/08/2011 3:24:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/08/2011 3:24:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgtdia DfsC discache GeSWall MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx UimBus Uim_IM vwififlt Wanarpv6 WfpLwf
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/08/2011 3:24:07 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/08/2011 3:22:47 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
10/08/2011 3:22:46 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
10/08/2011 3:22:46 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
10/08/2011 2:08:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/08/2011 2:08:09 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/08/2011 2:01:52 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2562937).
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 for x64-based Systems (KB2567680).
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 for x64-based Systems (KB2563894).
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 for x64-based Systems (KB2560656).
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 for x64-based Systems (KB2556532).
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 for x64-based Systems (KB2536276).
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2539635).
10/08/2011 12:59:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2559049).
.
==== End Of File ===========================

Thanks

#4 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 12 August 2011 - 04:52 AM

I see you have also run combofix. Please post me the log you'll find at c:\combofix.txt

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#5 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 13 August 2011 - 03:26 AM

Hi Elise,
Thanks for your welcome response. http://www.bleepingcomputer.com/forums/public/style_emoticons/default/thumbup2.gif

Here are the two logs from Combofix and TDSS Killer

TDSS Killer said there were no infections.

ComboFix 11-08-09.03 - KGH 10/08/2011 3:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3949.2520 [GMT -5:00]
Running from: c:\users\KGH\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\FullRemove.exe
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\users\KGH\AppData\Roaming\EurekaLog
c:\users\KGH\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\KGH\AppData\Roaming\Microsoft\Windows\Recent\Online Link ScanOnline Link Scan.URL
c:\users\KGH\AppData\Roaming\Microsoft\Windows\Recent\Scan for Outdated Drivers.URL
c:\users\KGH\AppData\Roaming\Microsoft\Windows\Recent\VirusTotal - Free Online Virus, Malware and URL Scanner.URL
c:\windows\TEMP\MPENGINE.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 08:08 . 2011-08-10 08:08 -------- d-----w- c:\users\Wee Bro\AppData\Local\temp
2011-08-09 10:14 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED342E42-A37B-4AD7-B403-A2964CCA759B}\mpengine.dll
2011-08-02 08:00 . 2011-08-02 08:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-02 08:00 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-19 22:01 . 2011-08-02 00:23 -------- d-----w- c:\users\KGH\AppData\Local\RockMelt
2011-07-19 21:32 . 2011-07-19 21:32 -------- d-----w- c:\program files\CCleaner
2011-07-13 01:53 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 01:53 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 01:53 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-14 08:54 . 2010-10-16 00:38 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-07-13 04:53 . 2010-12-06 17:54 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-07 00:52 . 2011-01-10 11:32 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2011-01-10 11:32 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 04:49 . 2011-06-21 03:22 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-21 03:20 . 2010-12-29 07:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-16 06:19 . 2011-06-16 06:19 121681 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2011-05-28 03:30 . 2011-06-16 05:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-16 05:35 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 11:42 . 2011-06-29 03:51 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:51 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:51 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:51 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:51 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-16 07:52 . 2011-05-16 07:52 5632 ----a-w- c:\windows\system32\bbchlp.dll
2011-05-16 07:52 . 2011-05-16 07:52 37376 ----a-w- c:\windows\system32\bbcap.dll
2011-05-16 07:52 . 2011-05-16 07:52 4608 ----a-w- c:\windows\system32\drivers\bbcap.sys
2011-05-14 06:24 . 2011-07-13 01:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 16:33 2495816 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GeSWall]
@="{F6ACC71C-420B-4a95-905C-C7534706813C}"
[HKEY_CLASSES_ROOT\CLSID\{F6ACC71C-420B-4a95-905C-C7534706813C}]
2010-12-07 19:36 737280 ----a-w- c:\program files (x86)\geswall\gswshext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniClipper"="c:\users\KGH\Documents\Documents\My EverNote Files\Program Files\UniClipper.exe" [2007-12-11 1078208]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 592616]
"Copernic Desktop Search - Home"="c:\program files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" [2010-09-07 1611736]
"PicPick Start"="c:\program files (x86)\PicPick\picpick.exe" [2011-06-29 10821120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"RockMelt Update"="c:\users\KGH\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-07-19 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-03-22 734544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\KGH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\KGH\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-17 293950]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-4-11 12862]
Secunia PSI Tray.lnk - f:\a launcher\Internet and Email\uTorrent\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F6ACC71C-420B-4a95-905C-C7534706813C}"= "c:\program files (x86)\geswall\gswshext.dll" [2010-12-07 737280]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 GeSWall;GeSWall; [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\KGH\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\KGH\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 gswserv;GeSWall service;c:\program files (x86)\geswall\gswserv.exe [2010-12-06 970752]
S2 Secunia PSI Agent;Secunia PSI Agent;f:\a launcher\Internet and Email\uTorrent\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;f:\a launcher\Internet and Email\uTorrent\PSI\sua.exe [2011-01-10 399416]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 06:01]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 06:01]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001Core.job
- c:\users\KGH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 20:07]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001UA.job
- c:\users\KGH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 20:07]
.
2011-08-10 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001Core.job
- c:\users\KGH\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-07-19 22:01]
.
2011-08-10 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001UA.job
- c:\users\KGH\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-07-19 22:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AtherosBtStack"="c:\program files (x86)\ASUS Bluetooth Suite\BtvStack.exe" [2009-10-28 388608]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15784&l=dis
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: {{4713C0DC-8162-411D-B5BC-CB7D24E17770} - c:\program files (x86)\Video Ads Blocker\addblocker.exe
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\4454E4F59405143535: NameServer = 208.67.222.222,208.67.220.220
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Gish It!: gish-it.ffext@gishpuppy - %profile%\extensions\gish-it.ffext@gishpuppy
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Stop Autoplay: {2e61e246-e640-4c56-b1ed-f146dbed48cd} - %profile%\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Empty Cache Button: {4cc4a13b-94a6-7568-370d-5f9de54a9c7f} - %profile%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
FF - Ext: CopernicDesktop Search - Home Connector: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0} - c:\program files (x86)\Copernic Desktop Search - Home\Firefox36Connector
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Wow6432Node-HKCU-Run-IpSharkk - c:\program files\IpSharkk\IpSharkk.exe
Wow6432Node-HKCU-Run-TorrentEasy_2c35212376e63764a543f9f1d0984690f778e0a6 - c:\users\KGH\Desktop\TorrentEasy-padi-enriched-air-diving-dvd-2006.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\YouTube Downloader\uninstall.exe
AddRemove-{AB67580-257C-45FF-B8F4-C8C30682091A}_is1 - f:\a launcher\Cleanup and Tuning\SIW\unins000.exe
AddRemove-{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 - f:\new folder (2)\Auslogics Disk Defrag\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-10 03:11:23
ComboFix-quarantined-files.txt 2011-08-10 08:11
.
Pre-Run: 59,310,612,480 bytes free
Post-Run: 58,689,228,800 bytes free
.
- - End Of File - - 6F5E65FF37A08157A52E5D9F283FDCC1

2011/08/12 22:45:53.0810 4392 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/12 22:45:53.0826 4392 ================================================================================
2011/08/12 22:45:53.0826 4392 SystemInfo:
2011/08/12 22:45:53.0826 4392
2011/08/12 22:45:53.0826 4392 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/12 22:45:53.0826 4392 Product type: Workstation
2011/08/12 22:45:53.0826 4392 ComputerName: WALKABOUT
2011/08/12 22:45:53.0826 4392 UserName: KGH
2011/08/12 22:45:53.0826 4392 Windows directory: C:\Windows
2011/08/12 22:45:53.0826 4392 System windows directory: C:\Windows
2011/08/12 22:45:53.0826 4392 Running under WOW64
2011/08/12 22:45:53.0826 4392 Processor architecture: Intel x64
2011/08/12 22:45:53.0826 4392 Number of processors: 4
2011/08/12 22:45:53.0826 4392 Page size: 0x1000
2011/08/12 22:45:53.0826 4392 Boot type: Normal boot
2011/08/12 22:45:53.0826 4392 ================================================================================
2011/08/12 22:45:54.0419 4392 Initialize success
2011/08/12 22:46:08.0147 3760 ================================================================================
2011/08/12 22:46:08.0147 3760 Scan started
2011/08/12 22:46:08.0147 3760 Mode: Manual;
2011/08/12 22:46:08.0147 3760 ================================================================================
2011/08/12 22:46:08.0381 3760 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/12 22:46:08.0521 3760 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/12 22:46:08.0599 3760 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/12 22:46:08.0708 3760 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/12 22:46:08.0833 3760 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/12 22:46:08.0880 3760 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/12 22:46:09.0051 3760 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/12 22:46:09.0114 3760 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/12 22:46:09.0239 3760 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/12 22:46:09.0317 3760 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/12 22:46:09.0426 3760 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/12 22:46:09.0613 3760 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/08/12 22:46:09.0831 3760 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/12 22:46:09.0863 3760 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/12 22:46:10.0019 3760 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/08/12 22:46:10.0081 3760 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/12 22:46:10.0206 3760 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/08/12 22:46:10.0268 3760 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
2011/08/12 22:46:10.0393 3760 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/12 22:46:10.0487 3760 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/12 22:46:10.0611 3760 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/12 22:46:10.0705 3760 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
2011/08/12 22:46:10.0830 3760 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/12 22:46:10.0892 3760 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/12 22:46:11.0001 3760 AthBTPort (c647c19b70b4717106f6b59e80d6f38f) C:\Windows\system32\DRIVERS\btath_flt.sys
2011/08/12 22:46:11.0064 3760 AthDfu (17d367ae1ad05852303a8bdfab5d028b) C:\Windows\system32\Drivers\AthDfu.sys
2011/08/12 22:46:11.0220 3760 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/12 22:46:11.0360 3760 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/12 22:46:11.0532 3760 atikmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/12 22:46:11.0828 3760 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/12 22:46:11.0906 3760 Avgldx64 (91be0147bc27059aba6d0a478adeb1ee) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/08/12 22:46:12.0062 3760 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/08/12 22:46:12.0156 3760 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/12 22:46:12.0281 3760 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/12 22:46:12.0452 3760 bbcap (849ea7a204f9f77e7b2adb8699f7bfc8) C:\Windows\system32\DRIVERS\bbcap.sys
2011/08/12 22:46:12.0515 3760 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/12 22:46:12.0671 3760 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/12 22:46:12.0733 3760 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/12 22:46:12.0858 3760 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/12 22:46:12.0873 3760 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/12 22:46:13.0029 3760 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
2011/08/12 22:46:13.0092 3760 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/12 22:46:13.0217 3760 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/12 22:46:13.0248 3760 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/12 22:46:13.0388 3760 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/12 22:46:13.0435 3760 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
2011/08/12 22:46:13.0575 3760 BTATH_A2DP (f5b0c8426147f8455a58470753355a86) C:\Windows\system32\drivers\btath_a2dp.sys
2011/08/12 22:46:13.0622 3760 BTATH_BUS (613a1fd0db78f8df45fc0091868f1032) C:\Windows\system32\DRIVERS\btath_bus.sys
2011/08/12 22:46:13.0747 3760 BTATH_HCRP (30c1769f1dbf567a2f31492e819cbdc2) C:\Windows\system32\DRIVERS\btath_hcrp.sys
2011/08/12 22:46:13.0794 3760 BTATH_RCP (6b476536c991f953ded4b92cc505b3a8) C:\Windows\system32\DRIVERS\btath_rcp.sys
2011/08/12 22:46:13.0934 3760 BtFilter (e808a9b7dbd8db51d6a02beba677ae88) C:\Windows\system32\DRIVERS\btfilter.sys
2011/08/12 22:46:14.0044 3760 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/08/12 22:46:14.0137 3760 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/12 22:46:14.0215 3760 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/12 22:46:14.0324 3760 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
2011/08/12 22:46:14.0465 3760 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
2011/08/12 22:46:14.0574 3760 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/12 22:46:14.0668 3760 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/12 22:46:14.0777 3760 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/12 22:46:14.0855 3760 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/12 22:46:14.0948 3760 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/12 22:46:14.0995 3760 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/12 22:46:15.0104 3760 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/12 22:46:15.0245 3760 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/12 22:46:15.0385 3760 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/12 22:46:15.0463 3760 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/12 22:46:15.0635 3760 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/12 22:46:15.0775 3760 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/12 22:46:15.0947 3760 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/12 22:46:16.0103 3760 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/12 22:46:16.0165 3760 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/12 22:46:16.0352 3760 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/12 22:46:16.0571 3760 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/12 22:46:16.0711 3760 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
2011/08/12 22:46:16.0758 3760 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/12 22:46:16.0898 3760 ETD (06c94be9d9e1e6411429433a64a76936) C:\Windows\system32\DRIVERS\ETD.sys
2011/08/12 22:46:17.0054 3760 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
2011/08/12 22:46:17.0148 3760 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/12 22:46:17.0273 3760 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/12 22:46:17.0304 3760 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/12 22:46:17.0429 3760 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/12 22:46:17.0460 3760 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/12 22:46:17.0491 3760 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/12 22:46:17.0600 3760 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/12 22:46:17.0663 3760 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/12 22:46:17.0788 3760 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/12 22:46:17.0834 3760 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/12 22:46:17.0975 3760 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/12 22:46:18.0162 3760 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/12 22:46:18.0193 3760 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/12 22:46:18.0334 3760 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/12 22:46:18.0396 3760 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/08/12 22:46:18.0521 3760 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/12 22:46:18.0536 3760 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/12 22:46:18.0614 3760 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/12 22:46:18.0708 3760 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/12 22:46:18.0880 3760 hotcore3 (8df34474b0789edf5007db8cbcbf9c18) C:\Windows\system32\DRIVERS\hotcore3.sys
2011/08/12 22:46:18.0926 3760 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/12 22:46:19.0067 3760 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/12 22:46:19.0192 3760 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/12 22:46:19.0254 3760 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/12 22:46:19.0363 3760 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/12 22:46:19.0426 3760 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/08/12 22:46:19.0550 3760 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/12 22:46:19.0628 3760 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2011/08/12 22:46:19.0753 3760 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/12 22:46:19.0800 3760 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/12 22:46:19.0925 3760 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/12 22:46:19.0987 3760 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/12 22:46:20.0112 3760 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/12 22:46:20.0159 3760 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/12 22:46:20.0284 3760 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/12 22:46:20.0315 3760 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/12 22:46:20.0377 3760 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/12 22:46:20.0455 3760 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/12 22:46:20.0549 3760 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/08/12 22:46:20.0642 3760 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/12 22:46:20.0720 3760 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/12 22:46:20.0814 3760 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/12 22:46:20.0908 3760 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/08/12 22:46:21.0017 3760 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/12 22:46:21.0188 3760 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/12 22:46:21.0204 3760 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/12 22:46:21.0220 3760 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/12 22:46:21.0266 3760 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/12 22:46:21.0282 3760 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/12 22:46:21.0407 3760 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/12 22:46:21.0438 3760 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/12 22:46:21.0454 3760 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/12 22:46:21.0500 3760 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/12 22:46:21.0641 3760 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/12 22:46:21.0703 3760 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/12 22:46:21.0859 3760 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/12 22:46:22.0000 3760 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/12 22:46:22.0046 3760 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/12 22:46:22.0187 3760 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/12 22:46:22.0234 3760 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/12 22:46:22.0265 3760 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/12 22:46:22.0405 3760 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/12 22:46:22.0452 3760 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/12 22:46:22.0577 3760 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/12 22:46:22.0624 3760 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/12 22:46:22.0748 3760 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/12 22:46:22.0811 3760 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/12 22:46:22.0826 3760 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/12 22:46:22.0936 3760 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/12 22:46:23.0014 3760 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/12 22:46:23.0170 3760 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/12 22:46:23.0201 3760 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/12 22:46:23.0248 3760 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/12 22:46:23.0372 3760 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/12 22:46:23.0419 3760 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/12 22:46:23.0528 3760 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/12 22:46:23.0591 3760 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/08/12 22:46:23.0716 3760 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/12 22:46:23.0778 3760 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/12 22:46:23.0918 3760 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/12 22:46:24.0043 3760 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/12 22:46:24.0090 3760 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/12 22:46:24.0199 3760 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/12 22:46:24.0230 3760 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/12 22:46:24.0308 3760 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/12 22:46:24.0402 3760 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/12 22:46:24.0480 3760 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/12 22:46:24.0636 3760 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/12 22:46:24.0714 3760 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/12 22:46:24.0839 3760 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/12 22:46:24.0886 3760 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/12 22:46:24.0964 3760 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/08/12 22:46:25.0088 3760 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/12 22:46:25.0151 3760 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/08/12 22:46:25.0276 3760 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/08/12 22:46:25.0307 3760 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/12 22:46:25.0338 3760 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/12 22:46:25.0478 3760 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/12 22:46:25.0510 3760 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/12 22:46:25.0556 3760 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/12 22:46:25.0681 3760 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/12 22:46:25.0728 3760 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/12 22:46:25.0868 3760 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/12 22:46:25.0900 3760 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/12 22:46:26.0071 3760 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/12 22:46:26.0102 3760 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/12 22:46:26.0243 3760 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/12 22:46:26.0290 3760 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/08/12 22:46:26.0461 3760 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/12 22:46:26.0602 3760 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/12 22:46:26.0648 3760 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/12 22:46:26.0695 3760 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/12 22:46:26.0789 3760 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/12 22:46:26.0882 3760 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/12 22:46:26.0992 3760 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/12 22:46:27.0038 3760 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/12 22:46:27.0085 3760 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/12 22:46:27.0179 3760 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/12 22:46:27.0241 3760 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/12 22:46:27.0304 3760 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/12 22:46:27.0366 3760 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/12 22:46:27.0428 3760 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/12 22:46:27.0553 3760 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/12 22:46:27.0662 3760 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/12 22:46:27.0772 3760 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/12 22:46:27.0850 3760 RTL8192su (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/08/12 22:46:28.0099 3760 SbieDrv (ad7d7ee3721a777b6129b68c224f66ee) C:\Program Files\Sandboxie\SbieDrv.sys
2011/08/12 22:46:28.0240 3760 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/12 22:46:28.0286 3760 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/12 22:46:28.0380 3760 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/12 22:46:28.0520 3760 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/12 22:46:28.0583 3760 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/12 22:46:28.0645 3760 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/12 22:46:28.0723 3760 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/12 22:46:28.0770 3760 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/12 22:46:28.0817 3760 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/12 22:46:28.0895 3760 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/12 22:46:29.0020 3760 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/08/12 22:46:29.0066 3760 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/12 22:46:29.0113 3760 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/12 22:46:29.0144 3760 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/12 22:46:29.0285 3760 SNP2UVC (f06a6de8438f7446bff9e61f31356521) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/08/12 22:46:29.0425 3760 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/12 22:46:29.0488 3760 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/12 22:46:29.0612 3760 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/12 22:46:29.0644 3760 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/12 22:46:29.0784 3760 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/12 22:46:29.0846 3760 STHDA (ddb811b13d827081e7c1ddff302ab334) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/08/12 22:46:29.0987 3760 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/12 22:46:30.0080 3760 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/12 22:46:30.0252 3760 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/12 22:46:30.0377 3760 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/12 22:46:30.0424 3760 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/12 22:46:30.0455 3760 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/12 22:46:30.0564 3760 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/12 22:46:30.0626 3760 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/12 22:46:30.0782 3760 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/12 22:46:30.0829 3760 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/12 22:46:30.0954 3760 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/12 22:46:31.0016 3760 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
2011/08/12 22:46:31.0157 3760 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/12 22:46:31.0204 3760 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/12 22:46:31.0250 3760 UimBus (ba1b69c9b7f8c952201b30d26a4bc0b2) C:\Windows\system32\DRIVERS\uimx64.sys
2011/08/12 22:46:31.0391 3760 Uim_IM (56060b99d10f381caa70d2684e6512d3) C:\Windows\system32\Drivers\Uim_IMx64.sys
2011/08/12 22:46:31.0531 3760 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/12 22:46:31.0578 3760 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/12 22:46:31.0703 3760 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/12 22:46:31.0859 3760 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/08/12 22:46:31.0890 3760 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/08/12 22:46:31.0906 3760 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/12 22:46:31.0937 3760 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/12 22:46:32.0062 3760 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/12 22:46:32.0108 3760 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/12 22:46:32.0233 3760 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/12 22:46:32.0296 3760 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/12 22:46:32.0405 3760 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/12 22:46:32.0452 3760 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/12 22:46:32.0576 3760 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/12 22:46:32.0608 3760 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/12 22:46:32.0748 3760 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/12 22:46:32.0779 3760 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/12 22:46:32.0826 3760 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/12 22:46:32.0935 3760 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/12 22:46:32.0982 3760 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/12 22:46:33.0029 3760 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/12 22:46:33.0154 3760 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/12 22:46:33.0216 3760 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/12 22:46:33.0341 3760 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/12 22:46:33.0372 3760 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/12 22:46:33.0512 3760 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/12 22:46:33.0559 3760 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/12 22:46:33.0684 3760 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 22:46:33.0700 3760 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 22:46:33.0762 3760 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/12 22:46:33.0793 3760 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/12 22:46:33.0996 3760 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/12 22:46:34.0043 3760 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/08/12 22:46:34.0074 3760 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/12 22:46:34.0246 3760 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/12 22:46:34.0277 3760 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/12 22:46:34.0433 3760 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/12 22:46:34.0480 3760 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/12 22:46:34.0604 3760 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/12 22:46:34.0682 3760 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/12 22:46:34.0714 3760 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/12 22:46:34.0714 3760 Boot (0x1200) (67eb501cb59001e57eeb7f3605b4aeb6) \Device\Harddisk0\DR0\Partition0
2011/08/12 22:46:34.0745 3760 Boot (0x1200) (bf1e0f8f405b8154461d46e8d304911d) \Device\Harddisk0\DR0\Partition1
2011/08/12 22:46:34.0760 3760 Boot (0x1200) (84f1e9cb9571148dacec95fd2b216af8) \Device\Harddisk1\DR1\Partition0
2011/08/12 22:46:34.0760 3760 ================================================================================
2011/08/12 22:46:34.0760 3760 Scan finished
2011/08/12 22:46:34.0760 3760 ================================================================================
2011/08/12 22:46:34.0776 3160 Detected object count: 0
2011/08/12 22:46:34.0776 3160 Actual detected object count: 0
2011/08/12 22:46:46.0882 1976 ================================================================================
2011/08/12 22:46:46.0882 1976 Scan started
2011/08/12 22:46:46.0882 1976 Mode: Manual;
2011/08/12 22:46:46.0882 1976 ================================================================================
2011/08/12 22:46:47.0178 1976 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/12 22:46:47.0209 1976 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/12 22:46:47.0240 1976 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/12 22:46:47.0365 1976 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/12 22:46:47.0474 1976 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/12 22:46:47.0490 1976 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/12 22:46:47.0568 1976 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/12 22:46:47.0662 1976 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/12 22:46:47.0693 1976 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/12 22:46:47.0708 1976 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/12 22:46:47.0755 1976 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/12 22:46:47.0989 1976 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/08/12 22:46:48.0130 1976 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/12 22:46:48.0161 1976 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/12 22:46:48.0192 1976 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/08/12 22:46:48.0301 1976 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/12 22:46:48.0348 1976 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/08/12 22:46:48.0379 1976 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
2011/08/12 22:46:48.0488 1976 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/12 22:46:48.0566 1976 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/12 22:46:48.0691 1976 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/12 22:46:48.0785 1976 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
2011/08/12 22:46:48.0910 1976 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/12 22:46:48.0972 1976 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/12 22:46:49.0081 1976 AthBTPort (c647c19b70b4717106f6b59e80d6f38f) C:\Windows\system32\DRIVERS\btath_flt.sys
2011/08/12 22:46:49.0128 1976 AthDfu (17d367ae1ad05852303a8bdfab5d028b) C:\Windows\system32\Drivers\AthDfu.sys
2011/08/12 22:46:49.0206 1976 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/12 22:46:49.0331 1976 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/08/12 22:46:49.0487 1976 atikmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/12 22:46:49.0643 1976 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/12 22:46:49.0721 1976 Avgldx64 (91be0147bc27059aba6d0a478adeb1ee) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/08/12 22:46:49.0814 1976 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/08/12 22:46:49.0877 1976 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/12 22:46:49.0970 1976 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/12 22:46:50.0048 1976 bbcap (849ea7a204f9f77e7b2adb8699f7bfc8) C:\Windows\system32\DRIVERS\bbcap.sys
2011/08/12 22:46:50.0142 1976 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/12 22:46:50.0204 1976 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/12 22:46:50.0251 1976 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/12 22:46:50.0329 1976 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/12 22:46:50.0376 1976 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/12 22:46:50.0423 1976 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
2011/08/12 22:46:50.0532 1976 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/12 22:46:50.0594 1976 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/12 22:46:50.0704 1976 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/12 22:46:50.0735 1976 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/12 22:46:50.0782 1976 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
2011/08/12 22:46:50.0891 1976 BTATH_A2DP (f5b0c8426147f8455a58470753355a86) C:\Windows\system32\drivers\btath_a2dp.sys
2011/08/12 22:46:50.0953 1976 BTATH_BUS (613a1fd0db78f8df45fc0091868f1032) C:\Windows\system32\DRIVERS\btath_bus.sys
2011/08/12 22:46:51.0031 1976 BTATH_HCRP (30c1769f1dbf567a2f31492e819cbdc2) C:\Windows\system32\DRIVERS\btath_hcrp.sys
2011/08/12 22:46:51.0094 1976 BTATH_RCP (6b476536c991f953ded4b92cc505b3a8) C:\Windows\system32\DRIVERS\btath_rcp.sys
2011/08/12 22:46:51.0140 1976 BtFilter (e808a9b7dbd8db51d6a02beba677ae88) C:\Windows\system32\DRIVERS\btfilter.sys
2011/08/12 22:46:51.0234 1976 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/08/12 22:46:51.0281 1976 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/12 22:46:51.0312 1976 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/12 22:46:51.0421 1976 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
2011/08/12 22:46:51.0562 1976 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
2011/08/12 22:46:51.0640 1976 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/12 22:46:51.0764 1976 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/12 22:46:51.0827 1976 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/12 22:46:51.0874 1976 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/12 22:46:51.0983 1976 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/12 22:46:52.0030 1976 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/12 22:46:52.0076 1976 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/12 22:46:52.0201 1976 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/12 22:46:52.0232 1976 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/12 22:46:52.0295 1976 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/12 22:46:52.0404 1976 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/12 22:46:52.0466 1976 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/12 22:46:52.0560 1976 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/12 22:46:52.0622 1976 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/12 22:46:52.0685 1976 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/12 22:46:52.0841 1976 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/12 22:46:52.0997 1976 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/12 22:46:53.0090 1976 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
2011/08/12 22:46:53.0168 1976 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/12 22:46:53.0246 1976 ETD (06c94be9d9e1e6411429433a64a76936) C:\Windows\system32\DRIVERS\ETD.sys
2011/08/12 22:46:53.0293 1976 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
2011/08/12 22:46:53.0371 1976 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/12 22:46:53.0418 1976 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/12 22:46:53.0434 1976 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/12 22:46:53.0465 1976 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/12 22:46:53.0543 1976 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/12 22:46:53.0605 1976 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/12 22:46:53.0652 1976 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/12 22:46:53.0746 1976 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/12 22:46:53.0792 1976 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/12 22:46:53.0839 1976 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/12 22:46:53.0933 1976 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/12 22:46:54.0011 1976 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/12 22:46:54.0058 1976 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/12 22:46:54.0120 1976 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/12 22:46:54.0182 1976 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/08/12 22:46:54.0214 1976 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/12 22:46:54.0292 1976 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/12 22:46:54.0338 1976 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/12 22:46:54.0385 1976 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/12 22:46:54.0432 1976 hotcore3 (8df34474b0789edf5007db8cbcbf9c18) C:\Windows\system32\DRIVERS\hotcore3.sys
2011/08/12 22:46:54.0510 1976 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/12 22:46:54.0604 1976 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/12 22:46:54.0697 1976 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/12 22:46:54.0775 1976 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/12 22:46:54.0822 1976 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/12 22:46:54.0900 1976 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/08/12 22:46:54.0978 1976 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/12 22:46:55.0072 1976 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2011/08/12 22:46:55.0150 1976 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/12 22:46:55.0181 1976 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/12 22:46:55.0274 1976 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/12 22:46:55.0337 1976 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/12 22:46:55.0384 1976 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/12 22:46:55.0446 1976 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/12 22:46:55.0524 1976 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/12 22:46:55.0540 1976 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/12 22:46:55.0571 1976 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/12 22:46:55.0633 1976 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/12 22:46:55.0727 1976 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/08/12 22:46:55.0774 1976 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/12 22:46:55.0852 1976 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/12 22:46:55.0930 1976 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/12 22:46:56.0023 1976 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/08/12 22:46:56.0101 1976 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/12 22:46:56.0148 1976 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/12 22:46:56.0226 1976 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/12 22:46:56.0273 1976 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/12 22:46:56.0288 1976 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/12 22:46:56.0320 1976 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/12 22:46:56.0335 1976 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/12 22:46:56.0351 1976 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/12 22:46:56.0429 1976 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/12 22:46:56.0476 1976 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/12 22:46:56.0522 1976 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/12 22:46:56.0538 1976 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/12 22:46:56.0616 1976 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/12 22:46:56.0694 1976 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/12 22:46:56.0772 1976 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/12 22:46:56.0850 1976 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/12 22:46:56.0881 1976 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/12 22:46:56.0975 1976 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/12 22:46:57.0068 1976 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/12 22:46:57.0115 1976 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/12 22:46:57.0209 1976 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/12 22:46:57.0287 1976 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/12 22:46:57.0365 1976 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/12 22:46:57.0443 1976 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/12 22:46:57.0458 1976 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/12 22:46:57.0536 1976 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/12 22:46:57.0630 1976 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/12 22:46:57.0661 1976 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/12 22:46:57.0739 1976 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/12 22:46:57.0802 1976 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/12 22:46:57.0848 1976 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/12 22:46:57.0926 1976 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/12 22:46:57.0989 1976 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/12 22:46:58.0020 1976 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/08/12 22:46:58.0098 1976 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/12 22:46:58.0160 1976 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/12 22:46:58.0207 1976 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/12 22:46:58.0332 1976 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/12 22:46:58.0363 1976 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/12 22:46:58.0394 1976 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/12 22:46:58.0519 1976 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/12 22:46:58.0566 1976 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/12 22:46:58.0613 1976 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/12 22:46:58.0738 1976 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/12 22:46:58.0800 1976 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/12 22:46:58.0831 1976 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/12 22:46:58.0972 1976 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/12 22:46:58.0987 1976 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/12 22:46:59.0065 1976 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/08/12 22:46:59.0190 1976 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/12 22:46:59.0237 1976 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/08/12 22:46:59.0268 1976 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/08/12 22:46:59.0362 1976 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/12 22:46:59.0424 1976 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/12 22:46:59.0455 1976 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/12 22:46:59.0580 1976 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/12 22:46:59.0627 1976 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/12 22:46:59.0752 1976 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/12 22:46:59.0798 1976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/12 22:46:59.0923 1976 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/12 22:46:59.0954 1976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/12 22:47:00.0110 1976 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/12 22:47:00.0157 1976 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/12 22:47:00.0251 1976 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/12 22:47:00.0329 1976 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/08/12 22:47:00.0422 1976 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/12 22:47:00.0563 1976 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/12 22:47:00.0578 1976 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/12 22:47:00.0610 1976 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/12 22:47:00.0719 1976 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/12 22:47:00.0766 1976 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/12 22:47:00.0797 1976 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/12 22:47:00.0906 1976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/12 22:47:00.0953 1976 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/12 22:47:00.0984 1976 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/12 22:47:01.0093 1976 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/12 22:47:01.0124 1976 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/12 22:47:01.0156 1976 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/12 22:47:01.0187 1976 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/12 22:47:01.0327 1976 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/12 22:47:01.0374 1976 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/12 22:47:01.0421 1976 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/12 22:47:01.0546 1976 RTL8192su (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/08/12 22:47:01.0733 1976 SbieDrv (ad7d7ee3721a777b6129b68c224f66ee) C:\Program Files\Sandboxie\SbieDrv.sys
2011/08/12 22:47:01.0826 1976 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/12 22:47:01.0889 1976 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/12 22:47:01.0936 1976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/12 22:47:02.0029 1976 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/12 22:47:02.0060 1976 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/12 22:47:02.0107 1976 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/12 22:47:02.0170 1976 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/12 22:47:02.0263 1976 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/12 22:47:02.0310 1976 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/12 22:47:02.0357 1976 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/12 22:47:02.0466 1976 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/08/12 22:47:02.0497 1976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/12 22:47:02.0513 1976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/12 22:47:02.0544 1976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/12 22:47:02.0622 1976 SNP2UVC (f06a6de8438f7446bff9e61f31356521) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/08/12 22:47:02.0747 1976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/12 22:47:02.0794 1976 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/12 22:47:02.0918 1976 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/12 22:47:02.0950 1976 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/12 22:47:02.0996 1976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/12 22:47:03.0121 1976 STHDA (ddb811b13d827081e7c1ddff302ab334) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/08/12 22:47:03.0246 1976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/12 22:47:03.0355 1976 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/12 22:47:03.0511 1976 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/12 22:47:03.0636 1976 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/12 22:47:03.0683 1976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/12 22:47:03.0698 1976 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/12 22:47:03.0808 1976 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/12 22:47:03.0854 1976 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/12 22:47:03.0932 1976 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/12 22:47:04.0042 1976 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/12 22:47:04.0088 1976 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/12 22:47:04.0120 1976 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
2011/08/12 22:47:04.0244 1976 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/12 22:47:04.0291 1976 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/12 22:47:04.0354 1976 UimBus (ba1b69c9b7f8c952201b30d26a4bc0b2) C:\Windows\system32\DRIVERS\uimx64.sys
2011/08/12 22:47:04.0478 1976 Uim_IM (56060b99d10f381caa70d2684e6512d3) C:\Windows\system32\Drivers\Uim_IMx64.sys
2011/08/12 22:47:04.0588 1976 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/12 22:47:04.0619 1976 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/12 22:47:04.0666 1976 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/12 22:47:04.0775 1976 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/08/12 22:47:04.0806 1976 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/08/12 22:47:04.0822 1976 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/12 22:47:04.0853 1976 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/12 22:47:04.0962 1976 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/12 22:47:05.0009 1976 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/12 22:47:05.0024 1976 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/12 22:47:05.0071 1976 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/12 22:47:05.0180 1976 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/12 22:47:05.0227 1976 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/12 22:47:05.0258 1976 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/12 22:47:05.0383 1976 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/12 22:47:05.0430 1976 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/12 22:47:05.0461 1976 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/12 22:47:05.0570 1976 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/12 22:47:05.0617 1976 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/12 22:47:05.0648 1976 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/12 22:47:05.0773 1976 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/12 22:47:05.0820 1976 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/12 22:47:05.0867 1976 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/12 22:47:05.0992 1976 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/12 22:47:06.0007 1976 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/12 22:47:06.0023 1976 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/12 22:47:06.0054 1976 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/12 22:47:06.0163 1976 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 22:47:06.0179 1976 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 22:47:06.0241 1976 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/12 22:47:06.0272 1976 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/12 22:47:06.0428 1976 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/12 22:47:06.0475 1976 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/08/12 22:47:06.0491 1976 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/12 22:47:06.0631 1976 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/12 22:47:06.0662 1976 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/12 22:47:06.0709 1976 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/12 22:47:06.0772 1976 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/12 22:47:06.0881 1976 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/12 22:47:06.0943 1976 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/12 22:47:06.0959 1976 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/12 22:47:06.0974 1976 Boot (0x1200) (67eb501cb59001e57eeb7f3605b4aeb6) \Device\Harddisk0\DR0\Partition0
2011/08/12 22:47:07.0006 1976 Boot (0x1200) (bf1e0f8f405b8154461d46e8d304911d) \Device\Harddisk0\DR0\Partition1
2011/08/12 22:47:07.0021 1976 Boot (0x1200) (84f1e9cb9571148dacec95fd2b216af8) \Device\Harddisk1\DR1\Partition0
2011/08/12 22:47:07.0021 1976 ================================================================================
2011/08/12 22:47:07.0021 1976 Scan finished
2011/08/12 22:47:07.0021 1976 ================================================================================
2011/08/12 22:47:07.0037 6036 Detected object count: 0
2011/08/12 22:47:07.0037 6036 Actual detected object count: 0

#6 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 13 August 2011 - 03:54 AM

Hi again, please let me know how things are running after the following steps.

CF-SCRIPT
-------------
We need to execute a CF-script.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = 0.0.0.0:80
uInternet Settings,ProxyOverride = *.local

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#7 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 13 August 2011 - 06:10 AM

Hi Elise,

I started running Combofix when I got a message and realized my security was still on. I think it still ran. I closed down the Microsoft Security Essentials and ran ComboFix. Below is the result if the "final" run. I could not find another ComboFix file at C:\ so I assume this is the only one of interest.

Thanks

ComboFix 11-08-09.03 - KGH 13/08/2011 3:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3949.2739 [GMT -6:00]
Running from: c:\users\KGH\Desktop\ComboFix.exe
Command switches used :: c:\users\KGH\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 09:56 . 2011-08-13 09:56 -------- d-----w- c:\users\Wee Bro\AppData\Local\temp
2011-08-13 09:56 . 2011-08-13 09:56 -------- d-----w- c:\users\NADMIN\AppData\Local\temp
2011-08-13 09:56 . 2011-08-13 09:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 09:56 . 2011-08-13 09:56 -------- d-----w- c:\users\AdminMe\AppData\Local\temp
2011-08-13 02:32 . 2011-01-28 18:01 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E350F35-757D-45FE-A9F2-1C9531F787E0}\gapaengine.dll
2011-08-13 02:32 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6912B4EC-D6E5-451C-8E9A-761829A34FBB}\mpengine.dll
2011-08-10 19:29 . 2011-08-10 19:29 -------- d-----w- c:\program files (x86)\CodeStuff
2011-08-10 19:11 . 2011-08-10 19:11 -------- d-----w- C:\ASUS.DAT
2011-08-10 07:36 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-02 08:00 . 2011-08-02 08:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-02 08:00 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-19 22:01 . 2011-08-02 00:23 -------- d-----w- c:\users\KGH\AppData\Local\RockMelt
2011-07-19 21:32 . 2011-07-19 21:32 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 09:20 . 2010-10-16 00:38 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-07-16 04:26 . 2011-08-10 07:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 04:53 . 2010-12-06 17:54 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-07 00:52 . 2011-01-10 11:32 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2011-01-10 11:32 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 04:49 . 2011-06-21 03:22 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-21 03:20 . 2010-12-29 07:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-16 06:19 . 2011-06-16 06:19 121681 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2011-06-11 03:07 . 2011-07-13 01:53 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 11:42 . 2011-06-29 03:51 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:51 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:51 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:51 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:51 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-16 07:52 . 2011-05-16 07:52 5632 ----a-w- c:\windows\system32\bbchlp.dll
2011-05-16 07:52 . 2011-05-16 07:52 37376 ----a-w- c:\windows\system32\bbcap.dll
2011-05-16 07:52 . 2011-05-16 07:52 4608 ----a-w- c:\windows\system32\drivers\bbcap.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-10_08.08.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-13 01:54 . 2011-05-14 06:24 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-08-10 07:37 . 2011-07-16 04:25 25600 c:\windows\SysWOW64\setup16.exe
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-08-10 07:37 . 2011-06-15 08:55 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2011-08-10 07:37 . 2011-06-15 08:55 81920 c:\windows\SysWOW64\odbccr32.dll
+ 2011-08-10 07:37 . 2011-07-16 04:29 14336 c:\windows\SysWOW64\ntvdm64.dll
- 2011-07-13 01:54 . 2011-05-14 06:28 14336 c:\windows\SysWOW64\ntvdm64.dll
- 2011-03-06 19:49 . 2010-11-20 12:19 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-08-10 07:36 . 2011-06-21 05:26 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-08-10 07:36 . 2011-06-21 05:28 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-06-16 05:35 . 2011-04-22 19:10 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-06-16 05:35 . 2011-04-22 19:09 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2011-08-10 07:36 . 2011-06-21 05:26 48128 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2011-08-09 09:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-12 09:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-09 09:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-12 09:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-12 09:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-09 09:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-10 07:37 . 2011-07-16 05:41 13312 c:\windows\system32\wow64cpu.dll
- 2011-07-13 01:54 . 2011-05-14 07:25 13312 c:\windows\system32\wow64cpu.dll
+ 2010-04-11 06:31 . 2011-08-12 09:22 50460 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-12 09:22 35656 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-14 17:17 35656 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-05 04:51 . 2011-08-12 09:22 15972 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4007560823-3881553181-3471522080-1001_UserData.bin
- 2011-07-13 01:54 . 2011-05-14 07:22 16384 c:\windows\system32\ntvdm64.dll
+ 2011-08-10 07:37 . 2011-07-16 05:39 16384 c:\windows\system32\ntvdm64.dll
- 2011-03-06 19:49 . 2010-11-20 13:27 97280 c:\windows\system32\mshtmled.dll
+ 2011-08-10 07:36 . 2011-06-21 06:19 97280 c:\windows\system32\mshtmled.dll
+ 2011-08-10 07:36 . 2011-06-21 06:20 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-06-16 05:35 . 2011-04-22 22:08 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-08-10 07:36 . 2011-06-21 06:18 64512 c:\windows\system32\jsproxy.dll
- 2011-06-16 05:35 . 2011-04-22 22:04 64512 c:\windows\system32\jsproxy.dll
- 2010-08-04 19:38 . 2011-08-10 08:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-04 19:38 . 2011-08-13 02:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-04 19:38 . 2011-08-13 02:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-04 19:38 . 2011-08-10 08:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-10 08:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-13 02:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-05 04:52 . 2011-08-02 17:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-05 04:52 . 2011-08-12 09:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-08-12 09:44 88632 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-08-05 04:52 . 2011-08-12 09:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-05 04:52 . 2011-08-02 17:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-05 04:52 . 2011-08-12 09:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-05 04:52 . 2011-08-02 17:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-04 19:46 . 2011-08-13 09:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-04 19:46 . 2011-08-10 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-04 19:46 . 2011-08-13 09:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-04 19:46 . 2011-08-10 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-11 06:42 . 2010-04-11 06:42 12862 c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
+ 2010-04-11 06:42 . 2011-08-10 19:11 12862 c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
+ 2010-04-11 06:42 . 2011-08-10 19:11 12862 c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_6FEFF9B68218417F98F549.exe
- 2010-04-11 06:42 . 2010-04-11 06:42 12862 c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_6FEFF9B68218417F98F549.exe
+ 2010-04-11 06:42 . 2011-08-10 19:11 12862 c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_06A25776E43957E4BCFF7B.exe
- 2010-04-11 06:42 . 2010-04-11 06:42 12862 c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_06A25776E43957E4BCFF7B.exe
+ 2011-08-11 22:36 . 2011-08-11 22:36 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\f4b0a65a0cad6d091bb903fb5f7f490d\System.Windows.Presentation.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\055b996b602a243bd4fcbdde8accc09c\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\fe5b12605f26ab36c26f0a3b3c475dd5\PresentationFontCache.ni.exe
+ 2011-08-11 22:28 . 2011-08-11 22:28 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\a2a31e05462d32f9f49febd89f515738\PresentationCFFRasterizer.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\66019b987c020943413851e959ca80c2\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\e29ed5ad26446d196b4a5ea7e69c74e9\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\b1c9507f23021701932fca6306d0df0f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\a4d48547af11390249b96fd1526ea514\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\6096a2f20727ede39049c5f3628b9a60\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b1a1a072eba978666cefe4f99fc6401c\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\cdbee55e7f6c60f5cb56d6ec9f083951\LoadMxf.ni.exe
+ 2011-08-11 22:32 . 2011-08-11 22:32 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\867a57af137c4a524067cdbbf09766e0\ehiTVMSMusic.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3ef94ae15e7d80bb818934265bb90c10\System.Windows.Presentation.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\dd2bb107a0bbac08a0ccaf93c8bb7490\System.Web.DynamicData.Design.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\54d33aa6cf3af2d6e28c7d46c0ce363f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\fe7afc935e0c66172577a1ded815993b\PresentationFontCache.ni.exe
+ 2011-08-11 22:30 . 2011-08-11 22:30 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e5c56e2a79ebb350e0aa6805f4d5e649\PresentationCFFRasterizer.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\ab2d4de59dee683a2f77123f671839ba\Microsoft.WSMan.Runtime.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8a102c44ccfe60d131d7e350d149bf85\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\7ce6ebef5427853ecb5bd68da29f1fdd\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\20c20811d44ba8c9513f2f2ba96d7047\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\09a9791efe9f32a50bd01346f0b05666\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\034ab6a3d60fdfba641443f16efdf309\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\2ac41c859d5e5e84993a555e3eeaea90\Microsoft.Vsa.ni.dll
+ 2011-08-10 07:37 . 2011-07-16 04:24 5120 c:\windows\SysWOW64\wow32.dll
- 2011-07-13 01:54 . 2011-05-14 06:22 5120 c:\windows\SysWOW64\wow32.dll
+ 2011-08-10 07:37 . 2011-07-16 02:21 2048 c:\windows\SysWOW64\user.exe
- 2011-07-13 01:54 . 2011-05-14 04:20 2048 c:\windows\SysWOW64\user.exe
+ 2011-08-10 07:37 . 2011-07-16 02:21 7680 c:\windows\SysWOW64\instnm.exe
- 2011-07-13 01:54 . 2011-05-14 04:20 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-08-10 07:37 . 2011-07-16 02:17 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 03:48 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 02:17 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 03:48 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 03:48 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 02:17 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 02:17 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 03:48 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 04:15 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2010-08-26 00:41 . 2011-08-10 08:24 6230 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-26 00:41 . 2011-07-13 08:19 6230 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-13 01:54 . 2011-06-03 06:44 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2011-07-13 01:54 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-08-10 07:37 . 2011-07-16 05:21 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2011-07-14 17:13 . 2011-07-14 17:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-12 09:19 . 2011-08-12 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-12 09:19 . 2011-08-12 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-14 17:13 . 2011-07-14 17:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-10 07:36 . 2011-06-21 05:28 981504 c:\windows\SysWOW64\wininet.dll
- 2011-06-16 05:35 . 2011-04-22 19:10 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-08-10 07:36 . 2011-06-21 05:28 132096 c:\windows\SysWOW64\url.dll
+ 2011-08-10 07:37 . 2011-06-15 08:55 163840 c:\windows\SysWOW64\odbctrac.dll
- 2011-03-06 19:49 . 2010-11-20 12:20 163840 c:\windows\SysWOW64\odbctrac.dll
- 2011-03-06 19:49 . 2010-11-20 12:20 319488 c:\windows\SysWOW64\odbcjt32.dll
+ 2011-08-10 07:37 . 2011-06-15 08:55 319488 c:\windows\SysWOW64\odbcjt32.dll
+ 2011-08-10 07:37 . 2011-06-15 08:55 122880 c:\windows\SysWOW64\odbccp32.dll
- 2011-03-06 19:49 . 2010-11-20 12:20 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2011-08-10 07:36 . 2011-06-21 05:26 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-06-16 05:35 . 2011-04-29 04:54 599552 c:\windows\SysWOW64\msfeeds.dll
+ 2011-08-10 07:37 . 2011-07-16 04:24 272384 c:\windows\SysWOW64\KernelBase.dll
- 2011-07-13 01:54 . 2011-06-03 05:56 272384 c:\windows\SysWOW64\KernelBase.dll
- 2011-06-16 05:35 . 2011-04-22 19:09 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-08-10 07:36 . 2011-06-21 05:26 176640 c:\windows\SysWOW64\ieui.dll
- 2011-07-13 01:54 . 2011-05-14 07:25 362496 c:\windows\system32\wow64win.dll
+ 2011-08-10 07:37 . 2011-07-16 05:41 362496 c:\windows\system32\wow64win.dll
- 2011-07-13 01:54 . 2011-05-14 07:25 243200 c:\windows\system32\wow64.dll
+ 2011-08-10 07:37 . 2011-07-16 05:41 243200 c:\windows\system32\wow64.dll
+ 2011-08-10 07:37 . 2011-06-24 05:34 214528 c:\windows\system32\winsrv.dll
- 2011-07-13 01:54 . 2011-05-14 07:24 214528 c:\windows\system32\winsrv.dll
+ 2010-08-05 20:05 . 2011-08-13 09:20 376170 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-08-05 10:22 . 2011-08-13 07:12 405800 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-08-10 07:36 . 2011-06-21 06:20 134144 c:\windows\system32\url.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2011-08-12 09:17 621742 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-12 09:17 108792 c:\windows\system32\perfc009.dat
+ 2011-08-10 07:37 . 2011-06-15 10:02 212992 c:\windows\system32\odbctrac.dll
- 2011-03-06 19:49 . 2010-11-20 13:27 212992 c:\windows\system32\odbctrac.dll
+ 2011-08-10 07:37 . 2011-06-15 10:02 106496 c:\windows\system32\odbccu32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
+ 2011-08-10 07:37 . 2011-06-15 10:02 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
+ 2011-08-10 07:37 . 2011-06-15 10:02 163840 c:\windows\system32\odbccp32.dll
- 2011-03-06 19:49 . 2010-11-20 13:27 163840 c:\windows\system32\odbccp32.dll
+ 2011-08-10 07:36 . 2011-06-21 06:19 702464 c:\windows\system32\msfeeds.dll
- 2011-06-16 05:35 . 2011-04-29 05:52 702464 c:\windows\system32\msfeeds.dll
+ 2011-08-10 07:37 . 2011-07-16 05:37 421888 c:\windows\system32\KernelBase.dll
- 2011-07-13 01:54 . 2011-06-03 06:56 421888 c:\windows\system32\KernelBase.dll
+ 2011-08-10 07:36 . 2011-06-21 06:18 247808 c:\windows\system32\ieui.dll
- 2011-06-16 05:35 . 2011-04-22 22:04 247808 c:\windows\system32\ieui.dll
+ 2011-08-10 07:37 . 2011-07-09 02:46 288768 c:\windows\system32\drivers\mrxsmb10.sys
- 2011-07-13 01:54 . 2011-05-14 07:16 338432 c:\windows\system32\conhost.exe
+ 2011-08-10 07:37 . 2011-06-24 05:25 338432 c:\windows\system32\conhost.exe
- 2009-07-14 05:01 . 2011-07-14 09:07 469808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-12 09:18 469808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-11 22:36 . 2011-08-11 22:36 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\bfb29034e69046d05e1ff758c0fcda27\WsatConfig.ni.exe
+ 2011-08-11 22:36 . 2011-08-11 22:36 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\1c573262c14ba755ac6ccab0945711cb\WindowsFormsIntegration.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\ad5c1e837ea97e2e6401fd4fac9d99d4\UIAutomationClient.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\50621c88a5345fd8fcb959a9fc25f084\TaskScheduler.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\ebd55d35d25cf10e6e24453238d3c5eb\System.Xml.Linq.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\0bf594db7ec4fd4754f7535f24b254aa\System.Web.Routing.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\f46bab10a21dd08219f69cf58c6e5766\System.Web.RegularExpressions.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\09199f147cafe8a357cbcf68f6098a77\System.Web.Entity.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\b21a0f26bff3d30480050c41f4f786f6\System.Web.Entity.Design.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\adfea0205de0aeb42c9bd80be40d7c47\System.Web.DynamicData.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\b6cc0ab04339d7cf16e83487e921fb71\System.Web.Abstractions.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\5fbe4fcbb4259d38e57006802c957e23\System.Transactions.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\d69463a51d3536074bff664c0a097b1f\System.ServiceProcess.ni.dll
+ 2011-08-11 22:27 . 2011-08-11 22:27 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\f330ec3533f2f0cb4c6dacd3a3e48044\System.Security.ni.dll
+ 2011-08-11 22:28 . 2011-08-11 22:28 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\ddd7749c4f3e68ca556795b7cd2a7a00\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\0646a91d680e840b201eb7a96876f053\System.Net.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\f53e6c7d027431c87b5839036a2f977d\System.Messaging.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\b9e961f0a21c8afe6213218fdbc8f8a2\System.Management.Instrumentation.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\49a6af02ac362d95ccf98068492053e5\System.IO.Log.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\4b21a062e82d08cf0ce61e7f1c8d1f2a\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1f84610e9a8c80e23e82f82cc4a894a3\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\2327e346f00d0f89825a86e691d84dcc\System.Drawing.Design.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\28d1d4c0f794a46ecdf34df502c3e20a\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\5e0b2a3713da55d99450c9cad93c4d2f\System.Data.Services.Design.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\486d44582be2000df84c46e187a88e70\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\89adf5c48e4551ba19f324ee12780b89\System.Configuration.Install.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\1bcd63abfac2072c18ab799a37dd89cf\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\268f6f10ba5e94d24677a1a68f97ac15\System.AddIn.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8103d9a6fe544e521f89b92d24ac298a\SMSvcHost.ni.exe
+ 2011-08-11 22:32 . 2011-08-11 22:32 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\c268879bbddc814fadfe497300c03752\SMDiagnostics.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\f89aa0bd7259a8fbe122539c26ccdd24\PresentationFramework.Royale.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\ed1fe56e5b41607f2b31091a11662f12\PresentationFramework.Luna.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\e197484e00ac02ef81220d0c8b6491e1\PresentationFramework.Aero.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0c098556b5184fe66c987547b512f00a\PresentationFramework.Classic.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\a04a8437f757b8da7a707e31702169d6\napsnap.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\711d1c8357619b22e5caffd9cab59736\napinit.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\b75df85509061d9729506b8af64513f7\MSBuild.ni.exe
+ 2011-08-11 22:33 . 2011-08-11 22:33 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\c42d34f67692030a55a9bc64004e9041\MMCFxCommon.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\5db5412b8b9fdbe83b43a79b76cb39c6\Microsoft.WSMan.Management.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\de2193a90cfc32eed4ad1c78a99b8363\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\0836bcb90046e51c8bd055c0755bd57d\Microsoft.Vsa.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b3361f5be5cde787e5e6c67b1bf55684\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d99d7734ec2e39696ac5ce7e7b2d76bd\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\77160cddd8417526c586e13b529f68bf\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6a1869785554446d202d6f718d036a3e\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\5c7ffe4abea4b5a400f768cad060835d\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f0cb734b7acfb102c57ed39f8918ce3d\Microsoft.MediaCenter.Mheg.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e4313e989939114d32f9254a74eee676\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\87d3f8fed35fa164d0e5dabbcee46df8\Microsoft.MediaCenter.Playback.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5ec49bda571c34526ad7db5ec7a201c4\Microsoft.MediaCenter.iTv.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3ea7a7a15d59a1185b74f340f05c0b33\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\503235feed6b59fff53b29c9def81a5d\Microsoft.ManagementConsole.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\6c999c27e6724dd1d0a10202f3e52e57\Microsoft.Build.Utilities.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\137428fc7e8ae3a1b733ffc45a3f3076\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\8be3ef8d90c0f3e97437887dac5a8d78\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\39e1e694a468028f2ca73994f76322d4\Mcx2Dvcs.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\d820c1a490dfb31933fd53f96514bbce\mcupdate.ni.exe
+ 2011-08-11 22:32 . 2011-08-11 22:32 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\428aa9c2151b0f385227c513c9497673\mcstoredb.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\614f7b9e9c362ac6d4175638ea2237d9\mcplayerinterop.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7f8a262f2b6807a47517c1ea6e6b2a7b\mcGlidHostObj.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\0801a977b58776ed017238d4aaa7995e\MCESidebarCtrl.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\136009b4f22e65e77a916747429e599b\EventViewer.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\d313ec20c40b0fd3125b8e710f74556d\ehRecObj.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\a267870c9fce983dca1c454fbde4cc7e\ehExtHost.ni.exe
+ 2011-08-11 22:32 . 2011-08-11 22:32 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\3a7ccf1084f8a546e8f7e7eecf33045c\ehCIR.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\1af89517b158d3a94c051dfbc4ae9769\ComSvcConfig.ni.exe
+ 2011-08-11 22:31 . 2011-08-11 22:31 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\61dd29a580f09716118ef51868ad9edd\BDATunePIA.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\41ccc24e8cc5f2474ce1105f0b8ebb78\WsatConfig.ni.exe
+ 2011-08-11 22:38 . 2011-08-11 22:38 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bb04320c07e3c71ac2d18cb382d97f41\WindowsFormsIntegration.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d63e6fb41aa502bf6724043e6ac1367f\UIAutomationClient.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\1c1f731e8684204f56f37cc66b5bc60d\TaskScheduler.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b096bd83a66a8d1dcd761747730cc64c\System.Xml.Linq.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\efca1fd7e9df8e24c007cd003346e0e5\System.Web.Routing.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\66126f1309396535f2ba93f752016902\System.Web.RegularExpressions.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6c551bf6f7716b0f527f4274fb04cc2e\System.Web.Extensions.Design.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\03eda303152940cb2e78a0030cf572b5\System.Web.Entity.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7b93fe55a51f2a6010365a17546170bc\System.Web.Entity.Design.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\979bf2cab91b5d50aef1525ca96ff690\System.Web.DynamicData.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\067516a8300bb5fdbddb38cb9f6c934e\System.Web.Abstractions.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4e03de263f1fec29c4a7fa18986d0868\System.Transactions.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\c0d90fae726bca4f272ac9a2906b3741\System.Security.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e47bab16c150f9697594d8fd65532578\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\e16f381a978103ac92bf64b99716c857\System.Net.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ac9fe083b4cf11aab834d6654cdeb429\System.Messaging.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b95b509ac74958a1d8568293c3dc43ba\System.Management.Instrumentation.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e083fdbcc88f5850290f2cf65ae1efae\System.IO.Log.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\736226563a7f564e4629e34d52b3d6c6\System.IdentityModel.Selectors.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.Wrapper.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\41d65038625368f089fc66b8a544f934\System.Drawing.Design.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3c443dc0b8879bfe286a07f15060787f\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1f6d55f401cfe7041f9fd3b4aebffa9b\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0896f955eb175a4e0bfff73b94f57619\System.Data.Services.Design.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\8f130b77f8f47e23cd748679173bdf33\System.Data.Entity.Design.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ad3f6eae36ce486187311de6836b4904\System.Data.DataSetExtensions.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\81423a8207177ffcfac843f9d7b662d2\System.Configuration.Install.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fc5edc97ac59d0d0d45bb9b623b9927b\System.AddIn.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a33aa8911167af5fcba60f1b02ad45b\SMSvcHost.ni.exe
+ 2011-08-11 22:36 . 2011-08-11 22:36 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b907dd027bbe99c5035b1d6355f83998\SMDiagnostics.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9997cb70ba2c05761f6196f65dae7588\PresentationFramework.Royale.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4c9a05d7eea9a270d51ffe6f9466d8f8\PresentationFramework.Luna.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\16c2dcb95bda37843824b6b0d82d8ef6\PresentationFramework.Classic.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\96f4e4b87e625a1c36e4de2efb6f7dcc\napsnap.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\a4e2648f8b4962f4c9660b2085290b06\napinit.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\46d3794a4a440f22cff17197648f6887\MSBuild.ni.exe
+ 2011-08-11 22:37 . 2011-08-11 22:37 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\71b549afed40761f8be9075ca9ad8dd7\MMCFxCommon.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\fd457e872296300765fa1a6d96a6683c\Microsoft.WSMan.Management.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b96b80f166196dc0e148c73dc8452d25\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f5b347719df9fa791416713aa0fd342f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bebf12cadd8b4fbd9c8135405c64794b\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3b22c86860de1de178e294bc4bd534d\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\512a72ebad1bd44687d8134cd46e1a5c\Microsoft.PowerShell.Security.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1e510aa4de5a90cd44ee2443ae45e097\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\9658825555dc2c9af1a8ce12e6da2cd7\Microsoft.ManagementConsole.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c52f2b0958be337e88f37a141e18be78\Microsoft.Build.Utilities.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\3f194ebe9a0c1e0903b32f663cb53556\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e62aa0d898b65d0d831c11b4f56c0785\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\78fb000aaaba73f34dfa9028b7caef8c\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\fe969316614223634cba1c5544f4e3dd\mcstoredb.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\31231127c783eddf25c3d21761e1a15c\EventViewer.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\aceba77dc2230519296726c4a1ce9518\ehRecObj.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\42621a148e3691a5a992816cb49bee0a\ehExtHost32.ni.exe
+ 2011-08-11 22:36 . 2011-08-11 22:36 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a28cd0923e6ff03f952950eb713f03b3\ComSvcConfig.ni.exe
+ 2011-08-11 22:36 . 2011-08-11 22:36 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\482f9bd79c20ab87b6fa0fa2737d6aa3\BDATunePIA.ni.dll
+ 2011-08-10 07:36 . 2011-06-21 05:28 1231360 c:\windows\SysWOW64\urlmon.dll
+ 2011-08-10 07:36 . 2011-06-23 04:33 3912576 c:\windows\SysWOW64\ntoskrnl.exe
- 2011-05-11 15:38 . 2011-04-09 06:02 3912576 c:\windows\SysWOW64\ntoskrnl.exe
- 2011-05-11 15:38 . 2011-04-09 06:02 3967872 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2011-08-10 07:36 . 2011-06-23 04:33 3967872 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2011-08-10 07:36 . 2011-07-22 06:33 5988864 c:\windows\SysWOW64\mshtml.dll
+ 2011-08-10 07:37 . 2011-07-16 04:24 1114112 c:\windows\SysWOW64\kernel32.dll
+ 2011-08-10 07:36 . 2011-06-21 05:26 2073600 c:\windows\SysWOW64\iertutil.dll
+ 2011-08-10 07:36 . 2011-06-21 06:20 1188864 c:\windows\system32\wininet.dll
- 2011-06-16 05:35 . 2011-04-22 22:08 1188864 c:\windows\system32\wininet.dll
+ 2011-08-10 07:36 . 2011-06-21 06:20 1492992 c:\windows\system32\urlmon.dll
- 2011-06-16 05:35 . 2011-04-22 22:08 1492992 c:\windows\system32\urlmon.dll
+ 2011-08-10 07:36 . 2011-06-23 05:43 5561216 c:\windows\system32\ntoskrnl.exe
+ 2011-08-10 07:36 . 2011-07-22 07:31 9007104 c:\windows\system32\mshtml.dll
- 2011-07-13 01:54 . 2011-05-14 07:20 1162752 c:\windows\system32\kernel32.dll
+ 2011-08-10 07:37 . 2011-07-16 05:37 1162752 c:\windows\system32\kernel32.dll
+ 2011-08-10 07:36 . 2011-06-21 06:18 2454528 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2011-08-11 22:29 6926280 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-07-13 08:23 6926280 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-06-16 05:34 . 2011-01-27 23:33 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-08-10 07:37 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-08-10 07:37 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-06-16 05:34 . 2011-01-27 23:35 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-08-11 22:27 . 2011-08-11 22:27 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\64fc9675d94bda9f45731097f140c4f6\WindowsBase.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\b8bf364f0522a662055f670bf4e86c8f\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 22:27 . 2011-08-11 22:27 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\318b11a6b944c9ef2998d374c9d5bda8\System.Xml.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\394711b95ef17f6a7314eca2aba756e7\System.WorkflowServices.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\eafeb90e353fd552565511cdeb26bebf\System.Workflow.Runtime.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ec790f92424cdcec713fff09d475bf2b\System.Workflow.ComponentModel.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\906d5186dd5dbb570648cd1e3dfed22e\System.Workflow.Activities.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\29bf4a2b9e4edd846f35872642dd0f36\System.Web.Services.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\fe69339f03e5b94b558c688512246a5e\System.Web.Mobile.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\b513632337cadf6b2a8f8b6975c7d96f\System.Web.Extensions.Design.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 3042304 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\9c1f2e29f7b5f1d398405640ef4b1c7c\System.Web.Extensions.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\31bbf607c61e3b9aeced14cb984ea9f6\System.Speech.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\667a561422e2ccf10daef0a5dc6c8043\System.ServiceModel.Web.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\50faf7f472bfc6d562696341df45b3c9\System.Runtime.Serialization.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\caddda432d02308c325519a8e2f09dc4\System.Runtime.Remoting.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\3bc065deeefef52f1ff59628ec665ea7\System.Printing.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\36723de72c78b2791de226253580f107\System.Management.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\df0cb96e6d087500c9210b33be2c91c9\System.IdentityModel.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\1f84610e9a8c80e23e82f82cc4a894a3\System.EnterpriseServices.ni.dll
+ 2011-08-11 22:28 . 2011-08-11 22:28 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\ad884485b63f08acfaf791d2dfaadd32\System.Drawing.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\8255d3cb1b25eaa6e645322daa1f680c\System.DirectoryServices.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\11a932eb07432edfc6f9de22753337ba\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-11 22:28 . 2011-08-11 22:28 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\e2a96543efb1769b60dc0ff9e292c4bb\System.Deployment.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\d71dfde5e15e6b4271c9ce4c514775b2\System.Data.ni.dll
+ 2011-08-11 22:27 . 2011-08-11 22:27 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\ab0d4419e1826292c56e565405151290\System.Data.SqlXml.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\f7483e84119e0be9074377e731ffbe0c\System.Data.Services.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\16932309d9a552f362c85ac0adfe1607\System.Data.Services.Client.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\33f6d511288b5a1aaa011e52ba3821fd\System.Data.OracleClient.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\82b491f0b4a55a29d4de0e7648a43707\System.Data.Linq.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\22600cdf0f670e44b03b243af68cd76d\System.Data.Entity.Design.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\5f7c48b31971fee1af48dd20c7dd7033\System.Core.ni.dll
+ 2011-08-11 22:27 . 2011-08-11 22:27 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\df2bfb30ffdbfbb49d2c5ef6fc763578\System.Configuration.ni.dll
+ 2011-08-11 22:28 . 2011-08-11 22:29 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\b2c3d06da323643af4ab68768cfe8880\ReachFramework.ni.dll
+ 2011-08-11 22:28 . 2011-08-11 22:28 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\0f3e15bd55e4f4171604e889eac1c819\PresentationUI.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\ff71ee8681938634786fac49359c8b15\PresentationBuildTasks.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\2f9ac667c184e068523d6047153f2d91\Narrator.ni.exe
+ 2011-08-11 22:34 . 2011-08-11 22:34 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\92414dfe464e98f09057245b6dd04d05\MMCEx.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\c66470a9076fc188a35ec7643aa1ee2e\MIGUIControls.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\4b85c3384fdda12490074283615d4723\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\deae3fdab784ca275290c02a3288a33d\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\f1cc6b5a2520e6b946198cd51498dff9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b1d791e971f5c23b5ab0bf61bcfe60a0\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\42c4e6bd35af9d592663de61cb8c8108\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\332067cce1149bb2008d5af79ef8024d\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\fc417f7e196b7d7d5e717cb892f16144\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ce834b9729a66c3ef9ec5c4350e6ab59\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cc0f76a8214ddc88b56c6c14146c2555\Microsoft.MediaCenter.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8f1d674c4309a0c29fb708ba7a5e54c4\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\52e7f067d8a3358baeb77ac8cd988c0e\Microsoft.MediaCenter.Bml.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\95184c861c38e940aeadc4276a8596e6\Microsoft.JScript.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\0e8c24abc2dbbafc9519f64571a39433\Microsoft.Ink.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\638f3afd3c310ed7d048e60cc1daf57e\Microsoft.Build.Tasks.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\58e96fd5359c0f3d6ed8f350ff721f87\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\f2ae54183322e3710c0344c44fd512d8\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\37c906e0ea6325e55c1f222aa4a5462b\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\c0018e4aaaa7eebb4fadaf5220854fe8\mcstore.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\0d18e8a503ef9e5bc676d89c7d508d7f\mcepg.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\92104881c09380b6b86ec656e8c502f6\UIAutomationClientsideProviders.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a6409b4be5018e5cbad7ef197d4237e1\System.WorkflowServices.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9af55d8d4cb44eabe53e940244864daa\System.Workflow.Runtime.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\f40e6a02c815ee66b49d4f48802d9d9c\System.Workflow.ComponentModel.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\82e83c3d87d72cafffc60c55585daaaa\System.Workflow.Activities.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4de6ad3bad2dc4fbbbd33b16b1a7b219\System.Web.Mobile.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\871d3f0cc83d73a106151257ee74a4aa\System.Web.Extensions.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2c7c32228442440e4c23f772fd64b24b\System.Speech.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0139ae05cabaf2ac25cc85279e187e0a\System.ServiceModel.Web.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e285e2af5e0e8ac7d91936b2cb18542f\System.Runtime.Serialization.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\b2834d89c14922370db32e5e4564e03a\System.Printing.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f2b1857a7db371f0417a84e8ca25f450\System.Management.Automation.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\5ab23d203c8bfade7160ea915719c730\System.IdentityModel.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ac4d095d0371999fa879f8167e9a82fa\System.DirectoryServices.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\364993b444187c2dd988cab2fb0f98c6\System.Deployment.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\6c9eef4471f39022ab9418637c7ee9e1\System.Data.SqlXml.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\702efea190a39de2bacb81cbaf32de99\System.Data.Services.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3da17a7980d13fae329f2c3a77797b08\System.Data.Services.Client.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\12dc224b1ddff3b0c5b3fce1ac958a3f\System.Data.OracleClient.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1992ecfb8eb3318820e3d28df55bee6a\System.Data.Linq.ni.dll
+ 2011-08-11 22:38 . 2011-08-11 22:38 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\301160f0d81368efb2f79e9b714ec505\System.Data.Entity.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\a09206d231b222c74183c7255bcacb35\ReachFramework.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7f0d64056a690c2fe26071b7368b4c56\PresentationUI.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c16377318357fb4fcda87c1015815a76\PresentationBuildTasks.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\ca760a3cb6cabbdf11c1aa42e5b79ee9\Narrator.ni.exe
+ 2011-08-11 22:37 . 2011-08-11 22:37 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\97051ca60f5e2ea7927adebcb2af9097\MMCEx.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\40f947b2a4ecb8ba656104c3f77bb79b\MIGUIControls.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0d7a48003dd32151b3518b3ee7f13350\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\79af41ccc6bdc25ede7b249ae32f0101\Microsoft.PowerShell.Editor.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\348ff55789cc23b72b19036f01903b63\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\21f675cbc3d058e68f7f6371644da25f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ffec5408d56ba9fb311518d6ec521691\Microsoft.MediaCenter.UI.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\81359c52225ae557ddf7dbdf3c0bf048\Microsoft.MediaCenter.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\35138a36b7d07f4d37adf96745ef80cb\Microsoft.JScript.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\9c17eb4bfbca7719a4f10bbd3473d07d\Microsoft.Ink.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4b45a3a1f24d0d773f9f8fb2d8ce8164\Microsoft.Build.Tasks.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\01de5c2808a0c30578614dae24c5d591\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\db9750e8aae34d7bd25b76564f2cebd5\Microsoft.Build.Engine.ni.dll
+ 2011-08-11 22:37 . 2011-08-11 22:37 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\9004890e93911c7612aa5f218c474618\mcstore.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\e0683c0b9e68c44011a1f4b70b85239f\mcepg.ni.dll
- 2011-06-16 05:34 . 2011-01-27 23:35 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-10 07:37 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-08-10 07:36 . 2011-06-21 05:25 10991104 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2011-08-10 08:01 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-08-11 22:24 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-06-16 05:35 . 2011-04-22 22:04 12262400 c:\windows\system32\ieframe.dll
+ 2011-08-10 07:36 . 2011-06-21 06:18 12262400 c:\windows\system32\ieframe.dll
+ 2011-08-11 22:27 . 2011-08-11 22:27 10618880 c:\windows\assembly\NativeImages_v2.0.50727_64\System\3e6eefab37b44e147db80a3c34f0ac05\System.ni.dll
+ 2011-08-11 22:28 . 2011-08-11 22:28 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\0737590c91350bf9ce7416cbbf789bc7\System.Windows.Forms.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 15249408 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\01e1dddd3684f57d19699eeb1fad3892\System.Web.ni.dll
+ 2011-08-11 22:32 . 2011-08-11 22:32 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\962330ba0685ac1176b611bc052d0ca7\System.ServiceModel.ni.dll
+ 2011-08-11 22:34 . 2011-08-11 22:34 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\34d1eab899a35bb7a0075c0b0b3d5938\System.Management.Automation.ni.dll
+ 2011-08-11 22:29 . 2011-08-11 22:29 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\9f162ee8ce0ec6b2a539b68041421911\System.Design.ni.dll
+ 2011-08-11 22:35 . 2011-08-11 22:35 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\7bf5c7476d8c8255a30a4cda0c9f43be\System.Data.Entity.ni.dll
+ 2011-08-11 22:28 . 2011-08-11 22:28 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\90e096ee99f6b0760c47016f862cf5a8\PresentationFramework.ni.dll
+ 2011-08-11 22:27 . 2011-08-11 22:27 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\72ea2b7db0ac2d9407d8ab2ed257c62a\PresentationCore.ni.dll
+ 2011-08-11 22:33 . 2011-08-11 22:33 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\857d393b4e25062d5ba400f3422b74e6\ehshell.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 11819520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
+ 2011-08-11 22:36 . 2011-08-11 22:36 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\052fc9c848a7f4630980ae0fd7a282e0\System.ServiceModel.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\cbd362859e818467b75aaf0287af0fe2\System.Design.ni.dll
+ 2011-08-11 22:31 . 2011-08-11 22:31 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
+ 2011-08-11 22:30 . 2011-08-11 22:30 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 16:33 2495816 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GeSWall]
@="{F6ACC71C-420B-4a95-905C-C7534706813C}"
[HKEY_CLASSES_ROOT\CLSID\{F6ACC71C-420B-4a95-905C-C7534706813C}]
2010-12-07 19:36 737280 ----a-w- c:\program files (x86)\geswall\gswshext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PicPick Start"="c:\program files (x86)\PicPick\picpick.exe" [2011-06-29 10821120]
"UniClipper"="c:\users\KGH\Documents\Documents\My EverNote Files\Program Files\UniClipper.exe" [2007-12-11 1078208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-4-11 12862]
Secunia PSI Tray.lnk - f:\a launcher\Internet and Email\uTorrent\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F6ACC71C-420B-4a95-905C-C7534706813C}"= "c:\program files (x86)\geswall\gswshext.dll" [2010-12-07 737280]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 GeSWall;GeSWall; [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\KGH\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\KGH\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R2 Secunia PSI Agent;Secunia PSI Agent;f:\a launcher\Internet and Email\uTorrent\PSI\PSIA.exe [2011-01-10 993848]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 gswserv;GeSWall service;c:\program files (x86)\geswall\gswserv.exe [2010-12-06 970752]
S2 Secunia Update Agent;Secunia Update Agent;f:\a launcher\Internet and Email\uTorrent\PSI\sua.exe [2011-01-10 399416]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97458483
*Deregistered* - 97458483
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 06:01]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 06:01]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001Core.job
- c:\users\KGH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 20:07]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001UA.job
- c:\users\KGH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 20:07]
.
2011-08-13 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001Core.job
- c:\users\KGH\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-07-19 22:01]
.
2011-08-13 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001UA.job
- c:\users\KGH\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-07-19 22:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\KGH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AtherosBtStack"="c:\program files (x86)\ASUS Bluetooth Suite\BtvStack.exe" [2009-10-28 388608]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: {{4713C0DC-8162-411D-B5BC-CB7D24E17770} - c:\program files (x86)\Video Ads Blocker\addblocker.exe
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\4454E4F59405143535: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6BFF321F-441D-4B1C-9B96-01E81499D1C4}\D416279772370205C6163656D27657563747: NameServer = 208.67.222.222,208.67.220.220
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Stop Autoplay: {2e61e246-e640-4c56-b1ed-f146dbed48cd} - %profile%\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-13 03:58:20
ComboFix-quarantined-files.txt 2011-08-13 09:58
ComboFix2.txt 2011-08-10 08:11
.
Pre-Run: 58,418,663,424 bytes free
Post-Run: 58,961,649,664 bytes free
.
- - End Of File - - 60E8D48BC2512E56BAE8667C5260C59C

#8 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 13 August 2011 - 06:16 AM

Hi, how are things running at this point?

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#9 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 13 August 2011 - 01:31 PM

Hi Elise,

The laptop will still not log in to Bleeping Computer but it will log in on my PC in under 4 seconds.

I use LastPass to log on to my computers. It works on the PC but not on the laptop. Nor will it log on manually to the laptop.

On the laptop, using either LastPass or a manual login the laptop will just hang. The screen is not frozen. Only Bleeping Computer seems to be affected. :blink:

With respect to the redirect, I have not used the laptop much, but on the pages I have used, there have not been any redirects.

#10 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 13 August 2011 - 01:57 PM

Hi, lets run another scan here.

OTL
-----
Please download OTL from one of the following mirrors:

This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#11 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 14 August 2011 - 06:56 AM

Good Day Elise,

Here are the two logs: OTL.txt and Extras.txt.
Enjoy :thumbup2:

I tried to post but I got the too long message.

This post is OTL.txt

It didn't work. Same too long message.

Hmm Still too long even when broken up.

Okay I am attaching the two files. I hope that works. If you want me to divide them among a number of posts I can do that tomorrow. Thank you.

Wow :lol:

The OTL.txt file won't even upload. I must have done something weird to generate such a large file. Any suggestions?

Attached File(s)

Extras.Txt (34.64K)
Number of downloads: 0

#12 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 14 August 2011 - 07:05 AM

Can you have a look at the log and let me know what section is the longest? (a section is marked by ========= <section name> ===========)

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#13 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 14 August 2011 - 11:54 PM

Hello Elise

The largest section is labelled: Files Modified within 365 days. It is 361k.
The second largest section is also labelled: Files Modified within 365 days and is around 300k.

Thanks again

#14 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 38,999
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 15 August 2011 - 03:25 AM

Please cut out these sections and post me the rest of the log.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#15 Cornetto

Member

Group: Members
Posts: 25
Joined: 18-June 11

Posted 15 August 2011 - 04:21 PM

Hello Elise,

I have removed the two largest sections from the log leaving the following File.

Parsed version of OTL logfile with two largest sections removed.

OTL logfile created on: 8/14/2011 1:37:56 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\KGH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 80.24% Memory free
7.71 Gb Paging File | 6.18 Gb Available in Paging File | 80.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 54.33 Gb Free Space | 46.66% Space Free | Partition Type: NTFS
Drive D: | 332.72 Gb Total Space | 208.35 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive F: | 7.40 Gb Total Space | 1.20 Gb Free Space | 16.18% Space Free | Partition Type: FAT32

Computer Name: WALKABOUT | User Name: KGH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2011/08/14 01:33:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\KGH\Desktop\OTL.exe
PRC - [2011/06/29 05:27:58 | 010,821,120 | ---- | M] () -- C:\Program Files (x86)\PicPick\picpick.exe
PRC - [2011/05/18 14:39:30 | 007,747,408 | ---- | M] (ASCOMP Software GmbH) -- C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe
PRC - [2011/04/18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/10 08:24:20 | 000,993,848 | ---- | M] (Secunia) -- F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psia.exe
PRC - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) -- F:\A LAUNCHER\Internet and Email\uTorrent\PSI\sua.exe
PRC - [2011/01/10 08:24:20 | 000,291,896 | ---- | M] (Secunia) -- F:\A LAUNCHER\Internet and Email\uTorrent\PSI\psi_tray.exe
PRC - [2010/12/06 09:51:14 | 000,970,752 | ---- | M] (GentleSecurity S.a.r.l.) -- C:\Program Files (x86)\geswall\gswserv.exe
PRC - [2010/11/12 09:38:54 | 000,221,144 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
PRC - [2010/04/11 00:41:50 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/01/04 18:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/24 14:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/09 20:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 21:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/26 11:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/08/19 21:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/18 16:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007/12/11 14:20:36 | 001,078,208 | ---- | M] (EverNote Corporation) -- C:\Users\KGH\My Documents\Documents\My EverNote Files\Program Files\UniClipper.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Modules (SafeList) ==========

MOD - [2011/08/14 01:33:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\KGH\Desktop\OTL.exe
MOD - [2010/11/20 05:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/12 08:36:18 | 000,091,368 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/01/21 19:01:11 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 17:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/11/26 21:39:45 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/06 15:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/30 10:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/10 08:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- F:\A LAUNCHER\Internet and Email\uTorrent\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:\A LAUNCHER\Internet and Email\uTorrent\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/06 09:51:14 | 000,970,752 | ---- | M] (GentleSecurity S.a.r.l.) [Auto | Running] -- C:\Program Files (x86)\geswall\gswserv.exe -- (gswserv)
SRV - [2009/11/09 20:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/16 01:52:37 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/04 23:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/24 10:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/03/24 10:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/01/12 08:36:14 | 000,147,048 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/25 05:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/01 02:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/25 14:45:30 | 000,050,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2010/08/25 14:45:28 | 000,566,864 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2010/08/25 14:45:28 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010/01/21 19:13:23 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/21 19:13:23 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/21 18:07:55 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/18 06:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/11/26 21:39:45 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/13 03:47:35 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/10/25 22:39:43 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/23 11:04:24 | 000,329,728 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2009/10/22 08:49:28 | 000,057,344 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2009/10/22 08:46:22 | 000,240,128 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2009/10/21 12:58:14 | 000,031,744 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2009/10/21 08:42:38 | 000,126,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2009/10/20 10:51:28 | 000,025,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2009/10/04 19:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/29 19:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/21 00:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/11 21:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/08/06 15:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 15:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/25 15:23:56 | 000,047,616 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2009/07/20 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/10 14:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/30 21:42:24 | 000,157,184 | ---- | M] (GentleSecurity S.a.r.l.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\geswall.sys -- (GeSWall)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\KGH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\KGH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KGH\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KGH\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\KGH\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/10 13:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 01:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files (x86)\K-Meleon\Plugins [2011/07/19 15:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files (x86)\K-Meleon\Components [2011/07/19 15:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 15:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/22 15:31:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector [2011/06/11 19:20:02 | 000,000,000 | ---D | M]

[2010/10/25 02:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KGH\AppData\Roaming\Mozilla\Extensions
[2011/08/13 21:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (Zoho Notebook Helper) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{04f7e049-7604-4267-9f51-62018c2f504f}
[2010/09/19 16:44:23 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] ("Stop Autoplay") -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/07/01 00:33:53 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/07/01 00:33:53 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2011/05/08 09:24:09 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2011/05/08 09:24:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/01 00:33:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/05/08 09:24:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/08/03 01:20:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/01 00:33:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/08 09:24:09 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/05/08 09:24:10 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/07/01 00:30:19 | 000,000,000 | ---D | M] (AdBan) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\adban@ad-ban.appspot.com
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (Glide OS for Firefox) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\firefox@glideos.com
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (Gish It!) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\gish-it.ffext@gishpuppy
[2011/07/01 00:33:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\support@lastpass.com
[2011/05/08 09:24:08 | 000,000,000 | ---D | M] (VideoSurf Videos at a Glance) -- C:\Users\KGH\AppData\Roaming\Mozilla\Firefox\Profiles\fxzzkfxz.default\extensions\videosurf_enhanced@videosurf.com
[2011/06/20 21:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/29 01:13:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/20 21:20:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/20 21:20:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[1999/12/31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2011/08/10 02:08:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\KGH\AppData\Roaming\Complitly\64\AutocompletePro64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\KGH\AppData\Roaming\Complitly\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\ASUS Bluetooth Suite\BtvStack.exe ()
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Setwallpaper] File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Antiphishing Domain Advisor] C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - HKCU..\Run: [UniClipper] C:\Users\KGH\Documents\Documents\My EverNote Files\Program Files\UniClipper.exe (EverNote Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Video Ads Blocker v2.0 - {4713C0DC-8162-411D-B5BC-CB7D24E17770} - C:\Program Files (x86)\Video Ads Blocker\addblocker.exe (SynergeticSoft)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {F6ACC71C-420B-4a95-905C-C7534706813C} - C:\Program Files (x86)\geswall\gswshext.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 02:29:20 | 000,000,151 | -H-- | M] () - F:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/01/28 02:29:20 | 000,000,151 | ---- | M] () - F:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

CUT HERE

========== Files Created - No Company Name ==========

[2011/08/12 22:31:26 | 001,388,507 | ---- | C] () -- C:\Users\KGH\Desktop\tdsskiller.zip
[2011/08/10 13:29:20 | 000,001,253 | ---- | C] () -- C:\Users\KGH\Desktop\CodeStuff Starter.lnk
[2011/08/10 02:01:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/10 02:01:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/10 02:01:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/10 02:01:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/10 02:01:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/19 16:02:02 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001UA.job
[2011/07/19 16:02:01 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001Core.job
[2011/07/19 15:37:45 | 000,001,044 | ---- | C] () -- C:\Users\KGH\Application Data\Microsoft\Internet Explorer\Quick Launch\K-Meleon.lnk
[2011/07/19 15:37:45 | 000,001,020 | ---- | C] () -- C:\Users\KGH\Desktop\K-Meleon.lnk
[2011/07/05 23:15:49 | 000,000,474 | ---- | C] () -- C:\Users\KGH\Desktop\POCKET DRIVE (G) - Shortcut.lnk
[2011/07/01 13:49:06 | 000,001,769 | ---- | C] () -- C:\Users\KGH\Desktop\MySyncFolder.lnk
[2011/06/17 03:22:02 | 000,023,014 | ---- | C] () -- C:\Users\KGH\Documents\8013_100_100.png
[2011/06/16 00:19:53 | 000,121,681 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/06/11 19:19:53 | 000,001,206 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copernic Desktop Search - Home.lnk
[2011/06/11 13:58:29 | 000,001,945 | ---- | C] () -- C:\Users\KGH\Desktop\Mozilla Firefox.lnk
[2011/06/07 13:17:02 | 000,000,450 | ---- | C] () -- C:\Users\KGH\Desktop\DATA (D) - Shortcut.lnk
[2011/06/06 19:32:18 | 000,045,380 | ---- | C] () -- C:\Users\KGH\Documents\capture_06062011_201844.jpg
[2011/06/06 19:31:01 | 000,053,885 | ---- | C] () -- C:\Users\KGH\Documents\capture_06062011_201842.jpg
[2011/06/06 19:30:16 | 000,067,149 | ---- | C] () -- C:\Users\KGH\Documents\capture_06062011_201841.jpg
[2011/06/06 17:39:49 | 000,062,295 | ---- | C] () -- C:\Users\KGH\Documents\Alicia Flower Stamen closeup.jpg
[2011/06/06 17:34:21 | 000,597,279 | ---- | C] () -- C:\Users\KGH\Documents\Alicia Flower Stamen.jpg
[2011/06/06 12:56:17 | 000,747,651 | ---- | C] () -- C:\Users\KGH\Documents\Alicias Dog Photo.jpg
[2011/05/29 23:23:38 | 000,001,761 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2011/05/25 19:10:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/17 11:14:18 | 000,000,031 | ---- | C] () -- C:\Windows\SysNative\bbcap.err
[2011/05/02 17:35:04 | 004,399,080 | ---- | C] () -- C:\Windows\SysNative\ffmpeg.dll
[2011/05/02 17:17:08 | 001,454,705 | ---- | C] () -- C:\Windows\SysNative\ffmpegmt.dll
[2011/05/02 17:11:42 | 004,785,664 | ---- | C] () -- C:\Windows\SysNative\ffdshow.ax
[2011/05/02 17:05:10 | 003,661,824 | ---- | C] () -- C:\Windows\SysWow64\ffdshow.ax
[2011/05/02 16:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2011/05/02 16:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/05/02 14:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/05/02 14:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/05/02 14:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/02 13:54:32 | 000,116,224 | ---- | C] () -- C:\Windows\SysNative\ff_wmv9.dll
[2011/05/02 13:54:22 | 000,155,136 | ---- | C] () -- C:\Windows\SysNative\ff_libmad.dll
[2011/05/02 13:54:14 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\ff_liba52.dll
[2011/05/02 13:54:10 | 001,533,440 | ---- | C] () -- C:\Windows\SysNative\ff_samplerate.dll
[2011/05/02 13:54:04 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\ff_libdts.dll
[2011/05/02 13:53:58 | 000,168,448 | ---- | C] () -- C:\Windows\SysNative\ff_unrar.dll
[2011/05/02 13:52:58 | 000,347,136 | ---- | C] () -- C:\Windows\SysNative\ff_libfaad2.dll
[2011/05/02 13:52:20 | 000,190,464 | ---- | C] () -- C:\Windows\SysNative\libmpeg2_ff.dll
[2011/05/02 13:52:02 | 000,477,184 | ---- | C] () -- C:\Windows\SysNative\ff_kernelDeint.dll
[2011/05/02 13:34:56 | 000,621,568 | ---- | C] () -- C:\Windows\SysNative\TomsMoComp_ff.dll
[2011/04/06 22:03:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2011/04/06 16:29:02 | 002,926,208 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2011/04/06 16:29:02 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/04/06 16:29:02 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2011/04/06 16:29:02 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/04/06 16:29:02 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/04/06 16:29:02 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2011/04/06 16:29:02 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/04/06 16:29:02 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2011/04/06 16:29:02 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2011/04/06 16:29:02 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/03/25 12:37:23 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/25 12:37:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/03/18 15:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/03/18 15:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/03/18 15:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/03/18 15:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/03/18 15:26:44 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/03/18 15:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/03/18 15:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/03/07 14:10:43 | 000,219,624 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/03/06 13:51:45 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/03/06 13:48:56 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/03/06 13:48:34 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/03/06 13:48:34 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/03/06 13:48:14 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/03/06 13:14:44 | 000,001,969 | ---- | C] () -- C:\Users\KGH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/03 05:40:46 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\splitter.ax
[2011/03/03 05:40:32 | 000,861,696 | ---- | C] () -- C:\Windows\SysNative\splitter.x64.ax
[2011/03/03 05:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 05:40:06 | 000,174,080 | ---- | C] () -- C:\Windows\SysNative\mkx.x64.dll
[2011/03/03 05:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 05:39:54 | 000,122,368 | ---- | C] () -- C:\Windows\SysNative\avi.x64.dll
[2011/03/03 05:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 05:39:44 | 000,165,888 | ---- | C] () -- C:\Windows\SysNative\mp4.x64.dll
[2011/03/03 05:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 05:39:32 | 000,139,264 | ---- | C] () -- C:\Windows\SysNative\ogm.x64.dll
[2011/03/03 05:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 05:39:00 | 000,135,680 | ---- | C] () -- C:\Windows\SysNative\dsmux.x64.exe
[2011/03/03 05:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 05:38:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysNative\ts.x64.dll
[2011/03/03 05:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 05:38:34 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\dxr.x64.dll
[2011/03/03 05:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 05:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 05:38:02 | 000,160,768 | ---- | C] () -- C:\Windows\SysNative\mkv2vfr.x64.exe
[2011/03/03 05:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 05:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 05:37:34 | 000,481,792 | ---- | C] () -- C:\Windows\SysNative\gdsmux.x64.exe
[2011/03/03 05:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 05:35:30 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\mkzlib.x64.dll
[2011/03/03 05:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/03/03 05:35:24 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\mkunicode.x64.dll
[2011/02/22 13:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/22 13:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/31 17:14:32 | 000,000,898 | ---- | C] () -- C:\Users\KGH\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/01/31 17:14:29 | 000,002,458 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/01/29 19:59:20 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk
[2011/01/28 11:48:19 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/01/28 11:48:03 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/24 22:33:47 | 000,536,120 | ---- | C] () -- C:\Users\KGH\Documents\summer-glau-vertical.jpg
[2011/01/24 18:45:37 | 000,001,192 | ---- | C] () -- C:\Users\KGH\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2011/01/24 18:45:35 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
[2011/01/24 15:43:13 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/01/21 14:08:02 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001UA.job
[2011/01/21 14:08:01 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4007560823-3881553181-3471522080-1001Core.job
[2011/01/15 01:06:29 | 000,001,371 | ---- | C] () -- C:\Users\Public\Desktop\xplorer2 Lite.lnk
[2011/01/03 03:24:11 | 000,101,567 | ---- | C] () -- C:\Users\KGH\Documents\Black Wallpaper.jpg
[2010/12/26 00:56:30 | 000,002,515 | ---- | C] () -- C:\Users\KGH\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/12/26 00:56:30 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2010/12/26 00:52:55 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2010/12/26 00:38:47 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2010/12/13 11:19:41 | 000,365,018 | ---- | C] () -- C:\Users\KGH\Documents\summer glau 2 corrected.jpg
[2010/12/07 05:19:48 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/02 05:01:10 | 000,001,906 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2010/11/01 01:30:57 | 000,000,000 | ---- | C] () -- C:\Users\KGH\defogger_reenable
[2010/10/31 02:52:02 | 000,002,478 | ---- | C] () -- C:\Users\KGH\Desktop\Paragon Backup & Recovery™ 2010 Free Advanced.lnk
[2010/10/16 03:07:24 | 000,007,613 | ---- | C] () -- C:\Users\KGH\AppData\Local\Resmon.ResmonCfg
[2010/10/15 18:38:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe
[2010/09/10 15:24:32 | 000,000,707 | ---- | C] () -- C:\Users\KGH\Documents\Documents - Shortcut.lnk
[2010/09/10 14:33:22 | 000,000,430 | ---- | C] () -- C:\Users\KGH\Desktop\SD Card F.lnk
[2010/08/18 13:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2010/08/08 00:49:56 | 000,046,592 | ---- | C] () -- C:\Users\KGH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 01:51:06 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/04/11 00:42:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/04/11 00:31:04 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/10 23:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/19 02:33:09 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 02:33:09 | 000,000,232 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 15:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/28 23:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/26 00:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006/05/18 21:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/03 22:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >

I noticed another odd thing.

I have mentioned that I cannot log on to Bleeping Computer; I discovered that I cannot even view Gizmo's techsupportalert.com site.