
Trojan horse Generic14.AQKZ blocks rootrepeal, cannot be removed by AV programs


13 replies to this topic

#1 Purgatorios


Posted 19 October 2009 - 09:15 PM

Hi all, I was just referred here by the helpful garmanma: http://www.bleepingcomputer.com/forums/t/264102/after-infection-my-primary-account-freezes/

I am getting real-time shield notices of generic trojan or Trojan horse Generic14.AQKZ from both AVG Free and Symantec Endpoint. Also, my primary account no longer starts the start bar and desktop when I log in, but just pops up the documents folder? I have to start explorer.exe myself from the task manager "new task" option in order to see desktop and start bar, after which they work normally. As noted above, RootRepeal hangs when run; I tried it many times and it ran very very very slowly for ~8 hours then stopped making progress.

I notice large amounts of CPU and physical memory usage that is not accounted for in task manager process list. I've been told that you guys are very busy: thanks for spending your time helping us out! It's right neighborly.


Computer info:

I'm running Windows Vista Home Premium 32-bit, Service Pack 1. Intel Core 2 Duo CPU T7250 @ 2.00GHz 2.00GHz, 2.00 GB RAM

Steps taken:

I have been running Symantec Endpoint Protection and its updates are current as of today. When I got the viruses I installed and ran scans with AVG Free, SUPERAntiSpyware and Malwarebytes.

I have no RootRepeal log because I couldn't complete a scan. For partial scan image see the linked topic above.

peek.bat log:

Volume in drive C is OS
Volume Serial Number is 045E-B498

Directory of C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/10/2009 11:28 PM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/10/2009 11:28 PM 592,896 netlogon.dll
1 File(s) 592,896 bytes

Directory of C:\WINDOWS\System32

01/19/2008 12:36 AM 177,152 scecli.dll

Directory of C:\WINDOWS\System32

01/19/2008 12:35 AM 592,384 netlogon.dll

Directory of C:\WINDOWS\System32

11/02/2006 02:46 AM 11,776 cngaudit.dll
3 File(s) 781,312 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

11/02/2006 02:46 AM 11,776 cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

11/02/2006 02:46 AM 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/19/2008 12:36 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

11/02/2006 02:46 AM 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/19/2008 12:35 AM 592,384 netlogon.dll
1 File(s) 592,384 bytes

Total Files Listed:
10 File(s) 3,068,928 bytes
0 Dir(s) 31,576,416,256 bytes free


DDS Log: (attach.txt is attached)


DDS (Ver_09-10-13.01) - NTFSx86
Run by Ryan at 18:13:47.24 on Mon 10/19/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.684 [GMT -7:00]

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\OMNIC\ThermoBenchService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Ryan\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\mmc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Runtime Software\DriveImage XML\dixml.exe
C:\Program Files\Runtime Software\DriveImage XML\dixml.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ryan\Desktop\dds.scr
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
uWinlogon: Shell=c:\recycler\s-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe,explorer.exe "c:\users\ryan\fbbv.exe"
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\ryan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\ryan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {18EAC748-3145-4B55-9178-E37A709CBB21} = 68.94.156.1,68.94.157.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\oib1us2g.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\users\ryan\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-12 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-12 108552]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-12 297752]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-9 102448]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-14 179712]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 tatertot.scr;tatertot.scr;c:\windows\system32\drivers\tatertot.scr.sys [2009-10-17 34816]
S3 tatertot;tatertot;c:\windows\system32\drivers\tatertot.sys [2009-10-17 34816]

=============== Created Last 30 ================

2009-10-19 18:00 106,424 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-19 17:55 --d----- c:\program files\Runtime Software
2009-10-18 18:57 --d----- c:\users\ryan\appdata\roaming\OpenOffice.org
2009-10-18 18:44 --d----- c:\program files\JRE
2009-10-18 18:42 --d----- c:\program files\OpenOffice.org 3
2009-10-17 17:40 34,816 a------- c:\windows\system32\drivers\tatertot.sys
2009-10-17 17:38 34,816 a------- c:\windows\system32\drivers\tatertot.scr.sys
2009-10-15 11:05 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-15 11:05 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-15 11:05 3,546,184 a------- c:\windows\system32\ntoskrnl.exe
2009-10-15 11:04 428,544 a------- c:\windows\system32\EncDec.dll
2009-10-15 11:04 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-15 11:04 293,376 a------- c:\windows\system32\psisdecd.dll
2009-10-15 11:04 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-10-15 11:04 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-15 11:03 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-15 11:03 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-15 11:03 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-12 18:56 --d-h--- C:\$AVG8.VAULT$
2009-10-12 16:35 --d----- c:\programdata\SUPERAntiSpyware.com
2009-10-12 16:35 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-10-12 16:33 --d----- c:\users\ryan\appdata\roaming\SUPERAntiSpyware.com
2009-10-12 16:33 --d----- c:\program files\SUPERAntiSpyware
2009-10-12 16:27 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-12 16:27 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-12 16:27 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-12 16:26 --d----- c:\windows\system32\drivers\Avg
2009-10-12 16:25 --d----- c:\program files\AVG
2009-10-12 16:25 --d----- c:\programdata\avg8
2009-10-12 16:25 --d----- c:\progra~2\avg8
2009-10-12 16:20 --d----- c:\users\ryan\appdata\roaming\AVG8
2009-10-04 22:46 --d----- c:\programdata\Simply Super Software
2009-10-04 22:46 --d----- c:\progra~2\Simply Super Software
2009-10-03 20:08 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 01:31 --d----- c:\program files\VideoLAN
2009-09-29 01:28 --d----- c:\program files\common files\xing shared
2009-09-29 01:28 --d----- c:\programdata\Real
2009-09-29 01:28 --d----- c:\program files\common files\Real
2009-09-28 15:11 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-09-28 15:10 87,552 a------- c:\windows\system32\wudriver.dll
2009-09-28 15:10 171,608 a------- c:\windows\system32\wuwebv.dll
2009-09-28 15:10 33,792 a------- c:\windows\system32\wuapp.exe
2009-09-25 22:43 819,200 a------- c:\windows\system32\xvidcore.dll
2009-09-25 22:43 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-09-25 22:43 77,824 a------- c:\windows\system32\xvid.ax
2009-09-25 22:43 --d----- c:\program files\Xvid
2009-09-25 22:37 --d----- c:\program files\common files\PX Storage Engine
2009-09-25 22:37 --d----- c:\program files\DivX
2009-09-25 22:37 --d----- c:\program files\common files\DivX Shared
2009-09-24 00:35 --d----- c:\program files\iPod
2009-09-24 00:34 --d----- c:\program files\iTunes
2009-09-21 17:25 296,960 a------- c:\windows\winhlp32.exe
2009-09-21 17:25 194,560 a------- c:\windows\system32\ftsrch.dll
2009-09-21 17:25 9,728 a------- c:\windows\system32\ftlx041e.dll
2009-09-21 17:25 9,216 a------- c:\windows\system32\ftlx0411.dll
2009-09-21 16:52 --d-h--- c:\windows\PIF
2009-09-21 16:51 570,128 -------- c:\windows\system32\dao350.dll
2009-09-21 16:51 415,504 -------- c:\windows\system32\Msrepl35.dll
2009-09-21 16:51 252,176 -------- c:\windows\system32\Msrd2x35.dll
2009-09-21 16:51 204,296 -------- c:\windows\system32\Richtx32.ocx
2009-09-21 16:51 123,664 -------- c:\windows\system32\Msjint35.dll
2009-09-21 16:51 89,360 -------- c:\windows\system32\Vb5db.dll
2009-09-21 16:51 24,848 -------- c:\windows\system32\Msjter35.dll
2009-09-21 16:51 1,069 -------- c:\windows\system32\vbrun60.inf
2009-09-21 16:51 1,046,288 -------- c:\windows\system32\Msjet35.dll
2009-09-21 16:51 311,296 -------- c:\windows\system32\Msacc8.olb
2009-09-21 16:48 24 a------- c:\windows\tb60.ini
2009-09-21 16:48 24 a------- c:\windows\tb50.ini
2009-09-21 16:48 --d----- C:\TOOLBKFOLDER
2009-09-21 16:46 505 -------- c:\windows\omnic32.bak
2009-09-21 16:46 --d----- c:\program files\TQ Analyst
2009-09-21 16:36 --d----- c:\users\ryan\appdata\roaming\Malwarebytes
2009-09-21 16:36 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 16:36 --d----- c:\programdata\Malwarebytes
2009-09-21 16:36 --d----- c:\progra~2\Malwarebytes
2009-09-21 16:36 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-21 16:36 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 16:29 321 a------- c:\windows\winhlp32.ini
2009-09-21 16:29 321 a------- c:\windows\winhelp.ini
2009-09-21 16:24 551 a------- c:\windows\omnic32.ini
2009-09-21 16:24 --d----- c:\program files\common files\ThermoGalactic
2009-09-21 16:23 --d----- c:\program files\Asymetrix
2009-09-21 16:21 --d----- c:\program files\OMNIC
2009-09-21 16:21 --d----- C:\My Documents
2009-09-21 16:21 1,278 a------- c:\windows\OMUPDATE.INI
2009-09-20 20:28 180,224 a------- c:\windows\system32\SanDisk Screen Saver.scr
2009-09-20 20:28 212,480 a------- c:\windows\PCDLIB32.DLL
2009-09-20 20:28 --d----- c:\program files\SanDisk
2009-09-20 20:25 --d----- c:\program files\common files\SWF Studio
2009-09-20 16:27 --d----- c:\users\ryan\appdata\roaming\ZoomBrowser EX
2009-09-20 16:02 113 a------- c:\windows\photoimpression.ini
2009-09-20 16:02 29 a------- c:\windows\videoimp.ini
2009-09-20 16:02 155,408 a------- c:\windows\system32\LMRT.dll
2009-09-20 16:02 140,800 a------- c:\windows\system32\tm20dec.ax
2009-09-20 16:02 38,160 a------- c:\windows\system32\LMRTREND.dll
2009-09-20 16:02 182,032 a------- c:\windows\system32\dxtmsft3.dll
2009-09-20 16:02 217,984 a------- c:\windows\system32\strmdll.dll
2009-09-20 16:02 63,488 a------- c:\windows\system32\unam4ie.exe
2009-09-20 16:01 11,776 a------- c:\windows\system32\mciqtz.drv
2009-09-20 16:01 10,240 a------- c:\windows\system32\vidx16.dll
2009-09-20 16:01 5,672 a------- c:\windows\system32\quartz.vxd
2009-09-20 16:01 194,320 a------- c:\windows\system32\qcut.dll
2009-09-20 16:01 4,608 a------- c:\windows\system32\w95inf32.dll
2009-09-20 16:01 2,272 a------- c:\windows\system32\w95inf16.dll
2009-09-20 16:01 77,312 a------- c:\windows\system32\TWAIN_32.DLL
2009-09-20 16:01 212,480 a------- c:\windows\system32\pcdlib32.dll
2009-09-20 15:59 306,688 a------- c:\windows\IsUninst.exe

==================== Find3M ====================

2009-10-19 17:17 88,672 a------- c:\programdata\nvModes.dat
2009-10-19 17:17 88,672 a------- c:\progra~2\nvModes.dat
2009-10-18 18:38 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-29 01:28 348,160 a------- c:\windows\system32\msvcr71.dll
2009-09-20 15:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-20 15:56 51,200 a------- c:\windows\inf\infpub.dat
2009-09-20 15:56 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 05:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 03:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 22:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 22:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-26 22:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 20:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 09:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 09:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 07:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 07:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 07:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 07:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 07:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 07:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 07:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-07 03:55 48,104 a------- c:\users\ryan\appdata\roaming\nvModes.dat
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-03-05 19:15 174 a--sh--- c:\program files\desktop.ini
2009-03-05 19:01 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-12-19 12:31 32,768 a--sh--- c:\windows\temp\cookies\index.dat
2007-12-19 12:31 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-12-19 12:31 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-12-14 00:09 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:18:25.14 ===============


#2 myrti

  • Malware Study Hall Admin

Posted 30 October 2009 - 09:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 Purgatorios


Posted 30 October 2009 - 02:42 PM

Hello _temp_, thanks for the help. Of course I understand about the wait....all volunteer basis for a free valuable service and a long wait happens often.

Sooo....everything is exactly as above: same virus messages, same problems with explorer.exe not starting on startup. The only major change that I've made is to update from Vista SP1 to SP2. Here are the OTL logs:

OTL logfile created on: 10/30/2009 12:25:20 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Ryan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.04% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 72.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 20.19 Gb Free Space | 20.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.26% Space Free | Partition Type: NTFS
Drive E: | 679.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.23% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/30 12:23:11 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2009/10/27 23:09:54 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/27 23:09:54 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/27 23:09:54 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/27 23:09:53 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/27 23:09:52 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/18 18:38:39 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/09 11:24:55 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/09/29 01:28:23 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/26 20:41:45 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2009/08/24 14:22:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2009/08/24 14:22:36 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/01 13:51:52 | 01,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/06/01 13:51:52 | 00,448,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/05/21 10:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/17 03:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/10 23:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/25 08:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/19 00:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 00:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 00:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/09/07 21:33:34 | 01,635,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2007/09/07 21:33:32 | 02,532,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2007/09/06 02:55:38 | 02,177,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2007/08/06 02:08:40 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/08/06 02:08:06 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/06/27 03:17:02 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/06/27 03:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe
PRC - [2007/05/31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/05/10 23:57:30 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2007/05/10 23:57:26 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/05/10 23:57:24 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 23:57:24 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2007/04/28 22:24:30 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2007/04/27 07:34:18 | 01,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/16 15:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/21 12:33:44 | 01,548,288 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/03/21 12:33:44 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/03/21 12:33:42 | 01,724,416 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/01/05 10:57:00 | 00,114,688 | ---- | M] (SanDisk) -- C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
PRC - [2004/08/05 11:13:48 | 00,229,438 | ---- | M] (Thermo Electron Corporation) -- C:\Program Files\OMNIC\ThermoBenchService.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 23:09:52 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd [Auto | Running])
SRV - [2009/09/24 18:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache [On_Demand | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/05 18:02:52 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/27 18:00:32 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2008/01/19 00:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2007/10/11 08:49:46 | 00,076,016 | ---- | M] () -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService [On_Demand | Stopped])
SRV - [2007/09/07 21:35:04 | 00,234,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC [On_Demand | Stopped])
SRV - [2007/09/07 21:33:32 | 02,532,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService [Auto | Running])
SRV - [2007/09/06 02:55:38 | 02,177,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/08/11 19:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/08/06 02:08:06 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/08/06 02:08:06 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/06/27 03:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/05/31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2007/05/31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2007/04/28 22:24:30 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])
SRV - [2007/03/21 12:33:44 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/08/05 11:13:48 | 00,229,438 | ---- | M] (Thermo Electron Corporation) -- C:\Program Files\OMNIC\ThermoBenchService.exe -- (TMSRVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/10/27 23:09:54 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/10/27 23:09:54 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/10/17 19:21:31 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.scr.sys -- (tatertot.scr [On_Demand | Stopped])
DRV - [2009/10/17 17:40:45 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.sys -- (tatertot [On_Demand | Stopped])
DRV - [2009/09/15 11:42:48 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/09/15 11:42:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/09/15 11:42:44 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/08/26 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/08/26 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/08/25 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091029.005\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/08/25 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091029.005\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/05 16:47:51 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/06/01 13:51:54 | 00,030,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\point32k.sys -- (Point32 [On_Demand | Running])
DRV - [2009/05/27 16:04:00 | 09,850,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2009/04/10 21:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2007/12/19 11:35:22 | 00,136,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/12/14 00:09:35 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2007/12/14 00:09:35 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2007/12/14 00:09:35 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007/08/23 17:29:10 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\DRIVERS\datunidr.sys -- (datunidr [Auto | Running])
DRV - [2007/08/14 16:54:00 | 00,277,040 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/08/14 16:54:00 | 00,250,416 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2007/08/14 16:54:00 | 00,025,136 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2007/07/31 01:17:26 | 00,418,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/06/27 03:17:04 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2007/05/11 00:00:48 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
DRV - [2007/05/10 23:57:22 | 00,157,184 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2007/04/28 23:43:22 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2007/04/28 23:34:36 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2007/04/28 23:34:34 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/04/28 23:34:34 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/04/28 22:24:30 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])
DRV - [2007/04/28 22:24:28 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/04/28 22:24:28 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/04/28 22:24:28 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2007/04/28 22:24:28 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/03/21 12:33:46 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand | Running])
DRV - [2007/01/09 15:46:26 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2007/01/09 15:46:26 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2006/11/06 18:37:16 | 00,078,128 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Running])
DRV - [2006/11/06 16:13:52 | 00,016,560 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\DRIVERS\btwrchid.sys -- (btwrchid [On_Demand | Running])
DRV - [2006/11/06 16:13:50 | 00,080,176 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Running])
DRV - [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 02:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 00:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2006/11/02 00:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])
DRV - [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct [On_Demand | Stopped])
DRV - [2003/07/16 20:37:44 | 00,016,509 | ---- | M] (Palm, Inc.) -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/30 12:23:11 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2009/10/27 23:09:54 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/10 23:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3071214
IE - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3071214
IE - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001\S-1-5-21-3041016070-1017456950-1424249797-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 20:52:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/29 01:28:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/18 18:56:19 | 00,000,000 | ---D | M]

[2009/06/13 13:17:56 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Extensions
[2009/06/13 13:17:56 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/25 18:13:49 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions
[2009/08/14 06:56:45 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/15 01:48:29 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/07 18:12:45 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/02 17:13:23 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\elemhidehelper@adblockplus.org
[2009/10/18 18:39:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/25 23:38:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/08 17:24:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/18 18:39:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/06/13 13:17:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2009/06/13 13:17:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/09/25 23:38:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/25 23:38:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/10/18 18:38:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 05:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/09/25 23:38:05 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/02 22:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/29 01:28:48 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/09 22:04:05 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 22:04:05 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/29 01:28:55 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/09/29 01:28:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/13 13:17:45 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/13 13:17:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/13 13:17:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/13 13:17:45 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/13 13:17:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/13 13:17:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001..\Run: [Google Update] C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.212.10.163 130.212.10.238
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe) - C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe File not found
O20 - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3041016070-1017456950-1424249797-1001 Winlogon: Shell - ("C:\Users\Ryan\fbbv.exe") - C:\Users\Ryan\fbbv.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/28 14:55:20 | 00,000,246 | ---- | M] () - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\AutoRun\command - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\ExploRE\CoMmaNd - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\OPeN\commAnd - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\AutoRun\command - "" = F:\_cache.tmp\gam3.exe -- File not found
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\eXpLorE\cOMMand - "" = F:\_cache.tmp\gam3.exe -- File not found
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\oPen\CoMMAnd - "" = F:\_cache.tmp\gam3.exe -- File not found
O33 - MountPoints2\{c3eeff6b-69be-11de-8058-001dd9e71551}\Shell - "" = AutoRun
O33 - MountPoints2\{c3eeff6b-69be-11de-8058-001dd9e71551}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\open\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\open\command - "" = folder.tmp/tmp.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/27 23:09:51 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/04 22:46:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009/10/27 22:45:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/10/12 16:35:45 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 11:50:00 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\dvdcss
[2009/10/18 18:57:09 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\OpenOffice.org
[2009/10/27 22:45:47 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Skype
[2009/10/27 22:50:16 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\skypePM
[2009/10/12 16:33:57 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/27 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/12 16:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/18 18:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/10/27 23:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/10/18 18:42:04 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/10/19 17:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/10/27 22:45:24 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/10/12 16:33:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 22:22:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/30 12:23:10 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2009/10/28 22:14:53 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/10/28 22:14:52 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/10/28 22:14:52 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/10/28 22:13:53 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/10/28 22:13:53 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/10/28 22:13:52 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/28 22:13:52 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/10/28 22:13:50 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/10/28 22:13:50 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/10/28 22:13:50 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/10/28 22:13:50 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/10/28 22:13:50 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/10/28 22:13:50 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/10/28 22:13:50 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/10/28 22:13:50 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/10/28 22:13:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/10/28 22:13:49 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/10/28 22:13:49 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/10/28 22:13:49 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/10/28 22:13:49 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/10/28 22:13:49 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/10/28 22:13:49 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/10/28 22:13:49 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/10/28 22:13:49 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/10/28 22:13:49 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/10/28 22:13:48 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/10/28 22:13:48 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/10/28 22:13:48 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/10/28 22:13:48 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/10/28 22:13:48 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/10/28 22:12:44 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/10/28 22:12:43 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/10/28 22:12:43 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/10/28 22:12:33 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/10/28 22:12:28 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/10/28 22:12:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/10/28 22:12:27 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/10/28 22:12:26 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/10/28 22:12:26 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/10/28 22:12:26 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/10/28 22:12:26 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/10/28 22:12:26 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/10/28 22:12:26 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/10/28 22:12:26 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/10/28 22:12:26 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/10/28 22:12:26 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/10/28 22:09:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/28 22:09:27 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/28 22:09:27 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/28 07:57:46 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 07:57:42 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 07:57:39 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/27 23:10:29 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/26 21:53:14 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\AP Kinetics
[2009/10/20 21:48:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/20 21:48:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/20 21:48:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/18 20:05:15 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\cucdcr
[2009/10/18 18:39:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/18 18:39:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/18 18:39:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/18 18:27:42 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/10/18 18:00:01 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\groupreport
[2009/10/15 11:06:23 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/15 11:06:22 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/15 11:06:21 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/15 11:06:21 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/15 11:06:21 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/15 11:06:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/15 11:06:20 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/15 11:06:20 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/15 11:06:20 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/15 11:06:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/15 11:06:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/15 11:06:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/15 11:06:19 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/15 11:06:19 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/15 11:06:19 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/15 11:06:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/15 11:06:19 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/15 11:06:19 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/15 11:06:19 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/15 11:06:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/15 11:05:33 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/15 11:05:22 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/15 11:05:21 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/15 11:03:43 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/15 11:03:40 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/15 11:03:37 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/12 16:27:59 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/12 16:27:46 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/12 16:27:45 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/12 16:26:10 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/10/05 10:01:11 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Fall 09 - Chem 422
[2009/10/05 09:40:48 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Fall 09 - BIOL 328
[2009/10/04 22:47:03 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Simply Super Software
[2009/10/04 12:41:48 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\SUP
[2009/10/03 20:08:02 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files - Modified Within 30 Days ==========

[2009/10/30 12:30:19 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D98DA5A6-DD2C-43C3-B24F-11905611C603}.job
[2009/10/30 12:23:11 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2009/10/30 11:53:57 | 03,393,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/30 11:53:57 | 01,144,820 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/30 11:53:57 | 01,100,152 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/30 11:04:02 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 11:04:02 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 09:07:24 | 00,088,672 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/30 09:04:37 | 00,088,672 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/30 09:04:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/30 09:03:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/30 09:03:36 | 21,455,83104 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/30 07:33:32 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/10/30 07:32:23 | 02,795,520 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2009/10/30 04:05:22 | 00,000,162 | -H-- | M] () -- C:\Users\Ryan\Desktop\~$8_review_exam_2.doc
[2009/10/30 04:05:06 | 00,084,992 | ---- | M] () -- C:\Users\Ryan\Desktop\328_review_exam_2.doc
[2009/10/29 12:52:13 | 00,050,176 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Outreach Centralized Info.xls
[2009/10/29 10:31:30 | 44,366,342 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/29 10:30:59 | 00,064,405 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/28 22:53:55 | 00,021,504 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 22:22:02 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 22:21:10 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/28 22:01:59 | 00,040,960 | ---- | M] () -- C:\Users\Ryan\Documents\Brain Worksheet.doc
[2009/10/28 22:01:27 | 00,029,452 | ---- | M] () -- C:\Users\Ryan\Documents\Brain Worksheet.docx
[2009/10/27 23:09:56 | 00,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/10/27 23:09:54 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/27 23:09:54 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/27 23:09:54 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/27 23:09:54 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/27 22:50:17 | 00,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:50:05 | 00,053,248 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Contacts (1).doc
[2009/10/26 18:42:30 | 00,072,192 | ---- | M] () -- C:\Users\Ryan\Desktop\SUP ROLES! new.doc
[2009/10/26 16:39:51 | 00,795,746 | ---- | M] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6.pdf
[2009/10/23 16:32:35 | 00,093,515 | ---- | M] () -- C:\Users\Ryan\Desktop\09.docx
[2009/10/23 13:21:59 | 00,056,320 | ---- | M] () -- C:\Users\Ryan\Desktop\March 18th Talking Points.doc
[2009/10/23 13:21:45 | 00,063,488 | ---- | M] () -- C:\Users\Ryan\Desktop\Actual Proposal 318.doc
[2009/10/23 00:34:42 | 00,000,000 | ---- | M] () -- C:\Windows\System32\null
[2009/10/22 12:19:30 | 00,039,424 | ---- | M] () -- C:\Users\Ryan\Desktop\SFSU General Assembly October 21, 2009.doc
[2009/10/22 01:21:13 | 00,346,924 | ---- | M] () -- C:\Users\Ryan\Desktop\Call of Cthulhu Savegame.zip
[2009/10/20 22:00:52 | 00,398,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/20 20:57:57 | 00,010,104 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS Results Abstract.docx
[2009/10/20 20:39:40 | 00,021,504 | ---- | M] () -- C:\Users\Ryan\Desktop\tables for method.doc
[2009/10/20 20:38:46 | 00,181,384 | ---- | M] () -- C:\Users\Ryan\Desktop\es802544n.pdf
[2009/10/20 08:55:41 | 00,129,024 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.doc
[2009/10/20 08:55:22 | 00,024,677 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.docx
[2009/10/19 23:00:38 | 00,053,248 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Contacts.doc
[2009/10/19 22:52:29 | 02,617,480 | ---- | M] () -- C:\Users\Ryan\Desktop\1-01 The Birds and the Bees - Thinking about Sex and Gender.mp3
[2009/10/19 22:32:23 | 00,062,976 | ---- | M] () -- C:\Users\Ryan\Desktop\Minutes101509.doc
[2009/10/19 18:13:22 | 00,331,264 | ---- | M] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/10/19 18:00:35 | 00,106,424 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/10/19 17:56:32 | 00,041,420 | ---- | M] () -- C:\Users\Ryan\Desktop\dixml.chm
[2009/10/19 17:55:47 | 00,000,914 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2009/10/19 10:10:30 | 01,044,464 | ---- | M] () -- C:\Users\Ryan\Desktop\How to write journal articles F09 iLearn.pptm
[2009/10/19 10:10:24 | 00,049,152 | ---- | M] () -- C:\Users\Ryan\Desktop\CHEM 422 LAB REPORTS.doc
[2009/10/18 20:06:16 | 00,047,104 | ---- | M] () -- C:\Users\Ryan\Desktop\grad_spreadsheet.doc
[2009/10/18 20:04:52 | 00,011,697 | ---- | M] () -- C:\Users\Ryan\Desktop\cucdcr.rar
[2009/10/18 18:38:35 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/18 18:38:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/18 18:38:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/18 18:38:34 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/18 18:33:05 | 00,001,800 | ---- | M] () -- C:\Users\Ryan\Desktop\Monitoring.RDP
[2009/10/18 17:59:18 | 00,049,483 | ---- | M] () -- C:\Users\Ryan\Desktop\groupreport.rar
[2009/10/18 17:26:47 | 12,524,032 | ---- | M] () -- C:\Users\Ryan\Desktop\Persistent Fall whole 10.17.09.doc
[2009/10/17 20:51:11 | 00,002,039 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk
[2009/10/17 19:21:31 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.scr.sys
[2009/10/17 17:40:45 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.sys
[2009/10/12 16:26:19 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/12 16:26:18 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/08 16:12:09 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2009/10/08 14:08:01 | 00,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/08 14:08:01 | 00,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/08 14:07:59 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/07 08:04:49 | 00,019,827 | ---- | M] () -- C:\Users\Ryan\Documents\Sentence Completion Responses.docx
[2009/10/05 07:12:47 | 00,027,136 | ---- | M] () -- C:\Users\Ryan\Documents\March 18th day of Action.doc
[2009/10/04 21:13:59 | 00,016,193 | ---- | M] () -- C:\Users\Ryan\Documents\Instructions for Sentence Completion Programs.docx
[2009/10/04 12:38:45 | 00,000,374 | ---- | M] () -- C:\Users\Ryan\Desktop\Documents.lnk
[2009/10/02 11:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/10/01 10:53:41 | 00,099,825 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 343 SDS-Page Lab Report1.docx
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/09/30 20:25:16 | 00,022,253 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 343 Gel Separation Data.xlsx
[2009/09/30 18:08:10 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UMDF\en-US\wpdmtpdr.dll.mui
[2009/09/30 18:02:17 | 02,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/09/30 18:02:05 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/09/30 18:02:04 | 00,334,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/09/30 18:02:02 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/09/30 18:02:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/09/30 18:01:59 | 00,546,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/09/30 18:01:59 | 00,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/09/30 18:01:56 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/09/30 18:01:56 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/09/30 18:01:56 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/09/30 18:01:56 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/09/30 18:01:54 | 00,839,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UMDF\WpdMtpDr.dll
[2009/09/30 18:01:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/09/30 18:01:54 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/09/30 18:01:52 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UMDF\WpdFs.dll
[2009/09/30 18:01:50 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/09/30 18:01:49 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/09/30 18:01:49 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/09/30 15:01:44 | 00,091,640 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 343 Gel Separation Coomassie Figures.docx

========== Files - No Company Name ==========
[2009/10/30 04:05:22 | 00,000,162 | -H-- | C] () -- C:\Users\Ryan\Desktop\~$8_review_exam_2.doc
[2009/10/30 04:05:05 | 00,084,992 | ---- | C] () -- C:\Users\Ryan\Desktop\328_review_exam_2.doc
[2009/10/29 12:25:56 | 00,050,176 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Outreach Centralized Info.xls
[2009/10/28 22:22:02 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 22:21:10 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/28 22:01:35 | 00,040,960 | ---- | C] () -- C:\Users\Ryan\Documents\Brain Worksheet.doc
[2009/10/28 22:01:26 | 00,029,452 | ---- | C] () -- C:\Users\Ryan\Documents\Brain Worksheet.docx
[2009/10/27 23:09:56 | 00,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/10/27 23:09:54 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/27 22:50:17 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:50:05 | 00,053,248 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Contacts (1).doc
[2009/10/26 18:42:30 | 00,072,192 | ---- | C] () -- C:\Users\Ryan\Desktop\SUP ROLES! new.doc
[2009/10/26 16:39:41 | 00,795,746 | ---- | C] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6.pdf
[2009/10/23 16:32:35 | 00,093,515 | ---- | C] () -- C:\Users\Ryan\Desktop\09.docx
[2009/10/23 13:21:59 | 00,056,320 | ---- | C] () -- C:\Users\Ryan\Desktop\March 18th Talking Points.doc
[2009/10/23 13:21:45 | 00,063,488 | ---- | C] () -- C:\Users\Ryan\Desktop\Actual Proposal 318.doc
[2009/10/22 12:19:30 | 00,039,424 | ---- | C] () -- C:\Users\Ryan\Desktop\SFSU General Assembly October 21, 2009.doc
[2009/10/22 01:21:11 | 00,346,924 | ---- | C] () -- C:\Users\Ryan\Desktop\Call of Cthulhu Savegame.zip
[2009/10/20 20:49:52 | 00,010,104 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS Results Abstract.docx
[2009/10/20 20:39:39 | 00,021,504 | ---- | C] () -- C:\Users\Ryan\Desktop\tables for method.doc
[2009/10/20 20:38:45 | 00,181,384 | ---- | C] () -- C:\Users\Ryan\Desktop\es802544n.pdf
[2009/10/20 08:55:35 | 00,129,024 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.doc
[2009/10/19 23:00:38 | 00,053,248 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Contacts.doc
[2009/10/19 22:51:44 | 02,617,480 | ---- | C] () -- C:\Users\Ryan\Desktop\1-01 The Birds and the Bees - Thinking about Sex and Gender.mp3
[2009/10/19 22:32:23 | 00,062,976 | ---- | C] () -- C:\Users\Ryan\Desktop\Minutes101509.doc
[2009/10/19 18:13:22 | 00,331,264 | ---- | C] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/10/19 18:00:35 | 00,106,424 | ---- | C] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/10/19 17:56:32 | 00,041,420 | ---- | C] () -- C:\Users\Ryan\Desktop\dixml.chm
[2009/10/19 17:55:47 | 00,000,914 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2009/10/19 10:20:29 | 00,024,677 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.docx
[2009/10/19 10:10:29 | 01,044,464 | ---- | C] () -- C:\Users\Ryan\Desktop\How to write journal articles F09 iLearn.pptm
[2009/10/19 10:10:24 | 00,049,152 | ---- | C] () -- C:\Users\Ryan\Desktop\CHEM 422 LAB REPORTS.doc
[2009/10/18 20:06:14 | 00,047,104 | ---- | C] () -- C:\Users\Ryan\Desktop\grad_spreadsheet.doc
[2009/10/18 20:04:52 | 00,011,697 | ---- | C] () -- C:\Users\Ryan\Desktop\cucdcr.rar
[2009/10/18 17:59:18 | 00,049,483 | ---- | C] () -- C:\Users\Ryan\Desktop\groupreport.rar
[2009/10/18 17:26:18 | 12,524,032 | ---- | C] () -- C:\Users\Ryan\Desktop\Persistent Fall whole 10.17.09.doc
[2009/10/17 19:36:14 | 21,455,83104 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/17 17:40:45 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\tatertot.sys
[2009/10/17 17:38:15 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\tatertot.scr.sys
[2009/10/12 16:26:20 | 44,366,342 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/12 16:26:19 | 00,064,405 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/12 16:26:18 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/12 16:26:10 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/05 07:12:46 | 00,027,136 | ---- | C] () -- C:\Users\Ryan\Documents\March 18th day of Action.doc
[2009/10/04 12:38:45 | 00,000,374 | ---- | C] () -- C:\Users\Ryan\Desktop\Documents.lnk
[2009/09/30 15:07:53 | 00,099,825 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 343 SDS-Page Lab Report1.docx
[2009/09/29 12:08:42 | 02,795,520 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2009/09/25 22:43:11 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/25 22:43:11 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/23 07:38:12 | 00,000,680 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat
[2009/09/21 16:48:02 | 00,000,024 | ---- | C] () -- C:\Windows\tb60.ini
[2009/09/21 16:48:02 | 00,000,024 | ---- | C] () -- C:\Windows\tb50.ini
[2009/09/21 16:29:53 | 00,000,321 | ---- | C] () -- C:\Windows\winhlp32.ini
[2009/09/21 16:29:53 | 00,000,321 | ---- | C] () -- C:\Windows\winhelp.ini
[2009/09/21 16:24:45 | 00,000,551 | ---- | C] () -- C:\Windows\omnic32.ini
[2009/09/21 16:21:23 | 00,001,278 | ---- | C] () -- C:\Windows\OMUPDATE.INI
[2009/09/20 16:02:37 | 00,000,113 | ---- | C] () -- C:\Windows\photoimpression.ini
[2009/09/20 16:02:37 | 00,000,029 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/09/20 16:01:36 | 00,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/17 03:03:40 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/07 04:32:55 | 00,088,672 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/07 04:32:55 | 00,088,672 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/29 16:17:26 | 00,021,504 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 19:57:50 | 00,037,841 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/05 16:47:50 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/05 10:18:50 | 00,000,150 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/06/20 19:47:18 | 00,048,104 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\nvModes.001
[2009/06/20 19:47:10 | 00,048,104 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\nvModes.dat
[2009/06/08 19:28:58 | 00,102,248 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/13 14:59:06 | 00,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
[2007/12/14 00:09:56 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/13 16:30:00 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 16:25:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/11/03 11:45:04 | 00,000,488 | ---- | C] () -- C:\Windows\turbo32.ini
[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/02/01 04:00:00 | 00,000,189 | ---- | C] () -- C:\Windows\NicBib.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:62E2D794
< End of report >


OTL Extras logfile created on: 10/30/2009 12:25:20 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Ryan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.04% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 72.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 20.19 Gb Free Space | 20.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.26% Space Free | Partition Type: NTFS
Drive E: | 679.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.88 Gb Total Space | 1.87 Gb Free Space | 99.23% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3041016070-1017456950-1424249797-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{148BA972-2DDF-4D72-ADDF-435C28508E48}" = lport=10421 | protocol=17 | dir=in | name=singleclick discovery protocol |
"{314DAE50-BA36-4027-A582-1805D9DD9D7F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{387D8631-BEA3-4F8C-829E-7936A7A0A26E}" = lport=138 | protocol=17 | dir=in | name=netbios datagram service |
"{58C4AFF6-16B3-4CFC-AF7A-C54DD1E964DF}" = lport=10426 | protocol=17 | dir=in | name=singleclick icc |
"{70E60FCB-8642-4461-857F-399E5301340A}" = lport=445 | protocol=6 | dir=in | name=microsoft directory services |
"{770DCEC2-4076-4B48-BA67-B4FBF7E81900}" = lport=139 | protocol=6 | dir=in | name=netbios file/printer sharing |
"{7F3DD851-626F-4D39-87BF-61D148154250}" = lport=137 | protocol=17 | dir=in | name=netbios name service |
"{8492E727-5D35-4808-BEB0-545C6873A631}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A03634E0-B4DE-459A-98A1-D6BD252E1187}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5500216-857A-4EFF-B71D-52B1B03EF297}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ABEA0B03-DE01-4B19-804D-CB4074D0EB54}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B9983B15-EE86-48C0-A91E-9FE7B3DD2498}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CADBD647-F124-4C78-B29E-10DA5219F10B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CBB259AC-4583-4CDE-91D3-1EB6C6F740AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF60D87F-9196-41D3-B0D0-A3C92C4C5974}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8365472-F855-4842-93C1-2B7521D7E523}" = lport=48149 | protocol=6 | dir=in | name=utorrent port |
"{EA8484DB-5BDC-4DBE-83AA-B790F85BB36F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01298CBC-EA57-4366-9AF1-ACE8948E29FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{019C0E97-4C70-40F4-8E69-0ECBD5F3B55F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{032BC3DD-BE3E-4D5A-8EE8-5BA14F117AB0}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{0B186DFB-6D3D-4416-9204-9E1E1CFD05AA}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{0B2A7B94-9DB4-4558-BAAC-DDC01A159E9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B6F612F-FC1E-42AE-88C6-E17A920A07D7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0FDB7942-FD19-419B-83BF-E8F076057828}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1052C06D-A56E-426A-912E-8E32036EF456}" = protocol=6 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"{12240CF1-3E0B-45FD-9322-B0B8DAA2AE84}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{143F3091-E239-4B82-87B6-6A459044C36D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1AB051A1-6871-47E4-BE1F-437F74F8068F}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{1E072C54-30A5-4D8A-9824-77608A9602D3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{1FE02C14-1B12-4187-9A5E-308DF70439DB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2B982C57-2120-48BC-9EB3-F9B1A28FCE07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31BFB531-396B-4596-8782-2ABDD2839C0C}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\symcorpui.exe |
"{362189AB-1FF2-403D-888B-08FEE802286E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3C63C2B8-26C3-4E3A-9132-5BF52B394D8F}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{3D8858F1-4AB9-40F8-BC84-13E91B6109E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3E9CB313-3C18-461B-BBD5-314BD8F7364A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3F178A4F-CB96-45A8-9BB8-7D2A8B3C324B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{40FC9ED1-6097-4601-843C-296F4B82CBD3}" = dir=in | app=rosettastoneversion3.exe |
"{4AD830AD-BDE9-4F17-878F-647A3B366FB6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4EBB7FC7-D158-466D-97F6-AF60719141B7}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{5214BBD0-EFC9-4889-97BB-660AFC2BE380}" = protocol=6 | dir=out | app=system |
"{5331075D-BDB1-47C2-AE69-B524A181237B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{550454BA-7150-4D21-8C67-1CC012CBA99E}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{5561C310-A276-4BB3-A923-EA056CAFA464}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{592862C5-7189-4DAD-89FF-F6C30F9C7F5A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{60F15486-01D5-498E-AE3F-5F3C8EF38551}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{61721DF5-C251-496D-9FAA-A983B4DA9620}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{64474037-D863-4B4C-9DF4-70EF6528AD36}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{67DC12D2-D684-4FD6-A247-D0C2B9BE515F}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{7B9401AE-F4BB-4BD3-84D9-EF2FBF7A7291}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D6FD8B7-0256-452B-A681-031BB5572D8B}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{82D93344-0E4A-4278-BF37-D8A1B383E546}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{8E8806F6-BBFD-458F-AF29-11C7024782BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91F69431-6796-4B5F-88EC-7D157BBB3233}" = dir=in | app=support inrosettastoneltdservices.exe |
"{98C3CC5C-3A3A-460B-AB4A-766634F6EB5F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A252D4A5-D003-4A94-92EE-9A5A33F099C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8087F8C-E0D0-452C-BD91-51320F5EFA49}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\symcorpui.exe |
"{AACA087B-2F7C-465C-86D3-6BA22CEEF869}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{AB03217B-64A8-4D6B-93CC-1FD0417C21E5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB8BE7EF-CA77-4F2C-86BD-1185CD18ADA8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C299098D-92F4-489D-90C5-F58D4B8E50DF}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{CE00EF78-F00E-4743-824D-9F58BE08AC65}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{D2E86DCA-A72A-460E-810E-342E80FD3636}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D4BC6622-0570-490E-8BEF-B881655ADCB4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DF831481-D6A3-45B7-88CF-F6F793F88C17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5E91DAC-D373-4DC4-BF73-27462C4C3B83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF50A0B8-FD8C-4CE0-9BE3-A31473CDD460}" = protocol=17 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"{F42400D3-B77E-46F0-BF40-7CEC46E0CC62}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FC5CA402-DB30-4A96-BF17-8C20D99725C5}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{FD0D93D7-21DB-44E4-A4C4-098F4B610ACF}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"TCP Query User{4082E8D0-711A-4334-83AB-EC8350A2FA93}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B6C2E2EA-62A3-441E-9F4E-8A337E236D4B}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{CECCBBD5-F7A6-4D13-ADEF-0470DA5838D4}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{DEA7C9FF-09C8-4ADE-A18A-B901CF43127C}C:\program files\microsoft office\office12\onenote.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{F72C1EED-B534-4808-9599-1722D3DB1B8D}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{F7767D36-99F2-4E44-A9FA-F34847DCB683}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{391AFB21-AE59-4603-8A6E-E39FBEE8CFAC}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{6AC8A0B3-4F6A-490E-988C-DDC1223FBC5B}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{738EAE6A-E4A9-495F-875C-6BB019E7D4AB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{94F3AEAE-AFD7-4EC7-B0D1-313263B8CB50}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{CB4B7B6A-D44B-45DF-B14D-58695555D3EB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EAF697AF-B1E9-4483-BED0-84E5E9D6B78F}C:\program files\microsoft office\office12\onenote.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{1481269D-8548-4439-85EC-097CFF86BC05}" = Smart Accessory Tutorials
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{178B7DE9-44F7-440B-B4B7-DCA56EF91652}" = Nicolet 4700 Spectrometer Help
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33F327F6-254A-4C5B-8009-B94CE2655E22}" = TQ Analyst v6 EZ Edition
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4FFC7852-787A-4CA8-888A-ED517D905AEA}" = OMNIC Peak Resolve
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5735FB0C-6DFA-4240-BA3F-26BE4B3B3A86}" = OMNIC
"{584D8056-03EE-4C4A-AB55-2A5967956881}" = 4700 and 6700 User Guide
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5EFE22A3-7794-11D4-862B-00A0C967A936}" = OMNIC Applications Bibliography
"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CD22C16-63B6-48F7-83CF-AABABD69868E}" = Macros Basic
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{75ADD2E4-0EA7-4F52-9A97-7D389F6AB28C}" = Spectrometer Safety Guide
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{863F58EF-467F-4BCC-A40B-D2304630DEA1}" = CambridgeSoft Activation Client
"{870842F7-18BB-479D-A7B1-FE17E81AFF1A}" = Palm Desktop
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B6B6280-44CE-4AE1-AA88-335C3DB68489}" = Nicolet Spectrometer
"{8E325B7E-5F85-4F61-9C89-49DCCA0B6167}" = Preparing Your Site Guide
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9F769788-E01B-40EC-B745-FE81321582AB}" = OMNIC User Guide
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD36ED92-805E-4A05-8298-B6D71491C5ED}" = Experiment Files
"{BF8B4E28-E576-43D8-A757-F9F6E8995FEE}" = OMNIC Tutorials
"{C3FD43D6-55FD-11D5-81CB-0050DA73CC14}" = OMNIC Internationalization
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE624CC6-DED1-4257-A9ED-77EAC3700E9F}" = OMNIC Utilities
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4406ED3-B04C-44F1-ABB4-08775B74934F}" = Call Of Cthulhu DCoTE
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F20AE04A-3FDC-4A14-A90B-85DEE2812030}" = Sam & Max Season 1
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F9265BBA-BA3D-4784-A805-FDB24E9966F2}" = Interpretation Guide
"{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"201 Games- Trivia Quiz" = 201 Games- Trivia Quiz
"3D Frog Frenzy" = 3D Frog Frenzy
"3D Pinball Express" = 3D Pinball Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Board Games" = Board Games
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Card Games for Windows" = Card Games for Windows
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"ImgBurn" = ImgBurn
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"KaleidaGraph 4.1 Demo" = KaleidaGraph 4.1 Demo
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Slots 100" = Slots 100
"SystemRequirementsLab" = System Requirements Lab
"TestOut Product Navigator (SA)" = TestOut Navigator (Stand-Alone Version)
"Top 20 Solid Gold" = Top 20 Solid Gold
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"Top 50 Blazing Games" = Top 50 Blazing Games
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Unofficial Official Mods Patch_is1" = Unofficial Official Mods Patch v15
"Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.4.0
"Val-Q" = Val-Q
"VLC media player" = VLC media player 1.0.2
"WinAce Archiver" = WinAce Archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3041016070-1017456950-1424249797-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2009 3:30:11 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\users\ryan\appdata\local\temp\dwh3013.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 10/30/2009 3:30:12 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH3013.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: Risk was partially removed.

Error - 10/30/2009 3:30:22 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH537B.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 10/30/2009 3:30:24 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\users\ryan\appdata\local\temp\dwh537b.tmp
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/30/2009 3:30:25 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH537B.tmp
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

Error - 10/30/2009 3:31:33 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH537B.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 10/30/2009 3:31:37 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH537B.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 10/30/2009 3:33:06 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH5F6C.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 10/30/2009 3:33:08 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\users\ryan\appdata\local\temp\dwh5f6c.tmp
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/30/2009 3:33:09 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH5F6C.tmp
by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was
partially removed.

[ Broadcom Wireless LAN Events ]
Error - 5/2/2008 7:51:12 PM | Computer Name = Rebecca-PC | Source = WLAN-Tray | ID = 0
Description = 16:51:11, Fri, May 02, 08 Error - Unable to gain access to user store


Error - 5/7/2008 10:37:02 PM | Computer Name = Rebecca-PC | Source = WLAN-Tray | ID = 0
Description = 19:37:02, Wed, May 07, 08 Error - Unable to gain access to user store


Error - 8/13/2008 5:25:18 PM | Computer Name = Rebecca-PC | Source = WLAN-Tray | ID = 0
Description = 14:25:18, Wed, Aug 13, 08 Error - Unable to gain access to user store


Error - 9/25/2008 9:30:35 PM | Computer Name = Rebecca-PC | Source = WLAN-Tray | ID = 0
Description = 18:30:35, Thu, Sep 25, 08 Error - Unable to gain access to user store


Error - 7/16/2009 2:52:38 AM | Computer Name = Ryan | Source = WLAN-Tray | ID = 0
Description = 23:52:38, Wed, Jul 15, 09 Error - Unable to gain access to user store


Error - 7/16/2009 7:10:44 AM | Computer Name = Ryan | Source = WLAN-Tray | ID = 0
Description = 04:10:44, Thu, Jul 16, 09 Error - Unable to gain access to user store


Error - 8/8/2009 10:06:54 AM | Computer Name = Ryan | Source = WLAN-Tray | ID = 0
Description = 07:06:52, Sat, Aug 08, 09 Error - Unable to gain access to user store


Error - 8/26/2009 6:06:54 AM | Computer Name = Ryan | Source = WLAN-Tray | ID = 0
Description = 03:06:54, Wed, Aug 26, 09 Error - Unable to gain access to user store


Error - 8/31/2009 1:38:47 PM | Computer Name = Ryan | Source = WLAN-Tray | ID = 0
Description = 10:38:44, Mon, Aug 31, 09 Error - Unable to gain access to user store


[ OSession Events ]
Error - 9/10/2009 4:46:35 AM | Computer Name = Ryan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 12146
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 9/28/2009 12:07:56 AM | Computer Name = Ryan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 6418
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 10/19/2009 12:36:45 PM | Computer Name = Ryan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 577
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/27/2009 4:02:29 PM | Computer Name = Ryan | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network
address 001E4C3B621C has been denied by the DHCP server 130.212.10.130 (The DHCP
Server sent a DHCPNACK message).

Error - 10/27/2009 5:13:49 PM | Computer Name = Ryan | Source = Dhcp | ID = 1002
Description = The IP address lease 130.212.177.112 for the Network Card with network
address 001E4C3B621C has been denied by the DHCP server 130.212.10.130 (The DHCP
Server sent a DHCPNACK message).

Error - 10/28/2009 1:21:49 AM | Computer Name = Ryan | Source = BROWSER | ID = 8032
Description =

Error - 10/28/2009 11:02:31 AM | Computer Name = Ryan | Source = BROWSER | ID = 8032
Description =

Error - 10/28/2009 12:15:08 PM | Computer Name = Ryan | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/28/2009 12:17:08 PM | Computer Name = Ryan | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/29/2009 1:22:58 AM | Computer Name = Ryan | Source = DCOM | ID = 10010
Description =

Error - 10/29/2009 4:26:56 AM | Computer Name = Ryan | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 10/29/2009 1:47:25 PM | Computer Name = Ryan | Source = BROWSER | ID = 8032
Description =

Error - 10/30/2009 12:04:17 PM | Computer Name = Ryan | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address 001E4C3B621C has been denied by the DHCP server 130.212.10.20 (The DHCP
Server sent a DHCPNACK message).


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 31 October 2009 - 06:49 AM

Hi,

The generic trojan found by Symantec is a false positive. It is detecting files that it dropped there itself. For more information, please see here: link

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Symantec.

Please run a new scan with OTL, only the OTL.txt will be needed:
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please also try to run gmer instead of rootrepeal:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
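The reply above attributes the Symantec alerts to files the scanner dropped itself. As an added example (not part of the original posts, and not code from OTL or Symantec), this Python sketch parses the "Last 10 Event Log Errors" format shown in the log, groups detections by file, and separates `DWH*.tmp` files in the user's Temp folder from everything else. The file-name heuristic is an assumption taken from the entries in this thread, and the last sample entry is constructed for contrast.

```python
import ntpath
import re

# Entries copied from the OTL log posted in this thread.
PAGE_EXCERPT = r"""
Error - 10/30/2009 3:30:11 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\users\ryan\appdata\local\temp\dwh3013.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 10/30/2009 3:30:12 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH3013.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: Risk was partially removed.

Error - 10/30/2009 3:30:22 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan Horse in File: C:\Users\Ryan\AppData\Local\Temp\DWH537B.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 10/30/2009 3:30:24 PM | Computer Name = Ryan | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\users\ryan\appdata\local\temp\dwh537b.tmp
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 10/28/2009 12:15:08 PM | Computer Name = Ryan | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.
"""

# CONSTRUCTED entry (not from the thread): a detection outside the Temp folder.
CONSTRUCTED_ENTRY = r"""
Error - 10/30/2009 3:40:00 PM | Computer Name = EXAMPLE | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Trojan Horse in File: c:\users\example\appdata\roaming\example.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
"""

SAMPLE_LOG = PAGE_EXCERPT + "\n\n" + CONSTRUCTED_ENTRY

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
DETECTION_RE = re.compile(
    r"Risk Found!(?P<risk>.+?) in File: (?P<path>.+?) by: (?P<scan>.+?)"
    r"\. Action: (?P<action>.+?)\. Action Description: (?P<result>.+)$"
)
# Assumption: the scanner's own temp files look like the ones in this log.
DWH_NAME_RE = re.compile(r"^dwh[0-9a-f]+\.tmp$")


def parse_events(text):
    """Split the OTL event section into records and re-join wrapped lines."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        header = HEADER_RE.match(lines[0]) if lines else None
        if not header:
            continue
        body = re.sub(r"^Description =\s*", "", " ".join(lines[1:]))
        event = header.groupdict()
        event["description"] = " ".join(body.split())
        events.append(event)
    return events


def is_av_temp_artifact(path):
    """True for DWH<hex>.tmp directly inside a user's AppData\\Local\\Temp."""
    p = path.lower()
    in_temp = ntpath.dirname(p).endswith(r"\appdata\local\temp")
    return in_temp and bool(DWH_NAME_RE.match(ntpath.basename(p)))


def summarize_detections(events):
    """Group detection events by file (case-insensitive Windows path)."""
    files = {}
    for event in events:
        m = DETECTION_RE.search(event["description"])
        if not m:
            continue  # not an antivirus detection record
        key = m["path"].lower()
        entry = files.setdefault(key, {
            "risk": m["risk"], "events": 0, "actions": [],
            "av_temp_artifact": is_av_temp_artifact(key),
        })
        entry["events"] += 1
        if m["action"] not in entry["actions"]:
            entry["actions"].append(m["action"])
    return files


def needs_review(summary):
    """Files that do not match the scanner-temp-file heuristic."""
    return sorted(p for p, e in summary.items() if not e["av_temp_artifact"])


if __name__ == "__main__":
    for path, entry in summarize_detections(parse_events(SAMPLE_LOG)).items():
        print(path, entry)
```

Files that match the heuristic still deserve a check that the alerts stop once only one real-time scanner is running; anything returned by `needs_review` is outside the pattern the reply describes.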

 



#5 Purgatorios

Purgatorios
  • Topic Starter

  • Members

Posted 31 October 2009 - 06:06 PM

Hi Temp, here's my reportback.

1. I looked into updating Symantec but I don't have my serial number handy and it will be a bit of a hassle to get it; without it I'm not sure which update to use, because I don't know whether I have maintenance pack 2 etc. If it's important I can look further into this and almost certainly get the serial number with a little work.

2. I've uninstalled AVG.

3. Here's the new OTL log:

OTL logfile created on: 10/31/2009 2:29:52 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Ryan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.77% Memory free
4.00 Gb Paging File | 3.16 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 21.83 Gb Free Space | 22.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.26% Space Free | Partition Type: NTFS
Drive E: | 679.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\OMNIC\ThermoBenchService.exe (Thermo Electron Corporation)
PRC - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe (SanDisk)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Users\Ryan\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Users\Ryan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\STacSV.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DellAMBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache [On_Demand | Stopped]) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (SmcService [Auto | Running]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (SigmaTel, Inc.)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (TMSRVC [Auto | Running]) -- C:\Program Files\OMNIC\ThermoBenchService.exe (Thermo Electron Corporation)
SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (b57nd60x [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (datunidr [Auto | Running]) -- C:\Windows\System32\DRIVERS\datunidr.sys (Gteko Ltd.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091031.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091031.004\NAVEX15.SYS (Symantec Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NuidFltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\Windows\System32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Point32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\point32k.sys (Microsoft Corporation)
DRV - (PTproct [On_Demand | Stopped]) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\Windows\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (tatertot [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tatertot.sys ()
DRV - (tatertot.scr [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tatertot.scr.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Ryan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3071214
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3071214
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 20:52:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/29 01:28:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/18 18:56:19 | 00,000,000 | ---D | M]

[2009/06/13 13:17:56 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Extensions
[2009/06/13 13:17:56 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/25 18:13:49 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions
[2009/08/14 06:56:45 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/15 01:48:29 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/07 18:12:45 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/02 17:13:23 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\elemhidehelper@adblockplus.org
[2009/10/18 18:39:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/25 23:38:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/08 17:24:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/18 18:39:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/06/13 13:17:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2009/06/13 13:17:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/09/25 23:38:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/25 23:38:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 17:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/10/18 18:38:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 17:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 17:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 05:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/09/25 23:38:05 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/02 22:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/29 01:28:48 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/09 22:04:05 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 22:04:05 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 22:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/29 01:28:55 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/09/29 01:28:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/13 17:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/13 13:17:45 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/13 13:17:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/13 13:17:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/13 13:17:45 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/13 13:17:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/13 13:17:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe) - C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Users\Ryan\fbbv.exe") - C:\Users\Ryan\fbbv.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\AutoRun\command - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\ExploRE\CoMmaNd - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\OPeN\commAnd - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\AutoRun\command - "" = F:\_cache.tmp\gam3.exe -- File not found
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\eXpLorE\cOMMand - "" = F:\_cache.tmp\gam3.exe -- File not found
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\oPen\CoMMAnd - "" = F:\_cache.tmp\gam3.exe -- File not found
O33 - MountPoints2\{c3eeff6b-69be-11de-8058-001dd9e71551}\Shell - "" = AutoRun
O33 - MountPoints2\{c3eeff6b-69be-11de-8058-001dd9e71551}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\open\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\open\command - "" = folder.tmp/tmp.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/27 23:09:51 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/04 22:46:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009/10/27 22:45:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/10/12 16:35:45 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 11:50:00 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\dvdcss
[2009/10/18 18:57:09 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\OpenOffice.org
[2009/10/27 22:45:47 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Skype
[2009/10/27 22:50:16 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\skypePM
[2009/10/12 16:33:57 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/27 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/12 16:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/18 18:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/10/27 23:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/10/18 18:42:04 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/10/19 17:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/10/27 22:45:24 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/10/12 16:33:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 22:22:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/31 14:00:56 | 17,017,130 | ---- | C] (Symantec Corporation ) -- C:\Users\Ryan\Desktop\SAV32_1109To1567_clientMSPMSI.exe
[2009/10/30 12:23:10 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2009/10/28 22:14:53 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/10/28 22:14:52 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/10/28 22:14:52 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/10/28 22:13:53 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/10/28 22:13:53 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/10/28 22:13:52 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/28 22:13:52 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/10/28 22:13:50 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/10/28 22:13:50 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/10/28 22:13:50 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/10/28 22:13:50 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/10/28 22:13:50 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/10/28 22:13:50 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/10/28 22:13:50 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/10/28 22:13:50 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/10/28 22:13:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/10/28 22:13:49 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/10/28 22:13:49 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/10/28 22:13:49 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/10/28 22:13:49 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/10/28 22:13:49 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/10/28 22:13:49 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/10/28 22:13:49 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/10/28 22:13:49 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/10/28 22:13:49 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/10/28 22:13:48 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/10/28 22:13:48 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/10/28 22:13:48 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/10/28 22:13:48 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/10/28 22:13:48 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/10/28 22:12:44 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/10/28 22:12:43 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/10/28 22:12:43 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/10/28 22:12:33 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/10/28 22:12:28 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/10/28 22:12:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/10/28 22:12:27 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/10/28 22:12:26 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/10/28 22:12:26 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/10/28 22:12:26 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/10/28 22:12:26 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/10/28 22:12:26 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/10/28 22:12:26 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/10/28 22:12:26 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/10/28 22:12:26 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/10/28 22:12:26 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/10/28 22:09:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/28 22:09:27 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/28 22:09:27 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/28 07:57:46 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 07:57:42 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 07:57:39 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/27 23:10:29 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/26 21:53:14 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\AP Kinetics
[2009/10/20 21:48:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/20 21:48:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/20 21:48:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/18 20:05:15 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\cucdcr
[2009/10/18 18:39:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/18 18:39:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/18 18:39:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/18 18:27:42 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/10/18 18:00:01 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\groupreport
[2009/10/15 11:06:23 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/15 11:06:22 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/15 11:06:21 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/15 11:06:21 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/15 11:06:21 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/15 11:06:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/15 11:06:20 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/15 11:06:20 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/15 11:06:20 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/15 11:06:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/15 11:06:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/15 11:06:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/15 11:06:19 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/15 11:06:19 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/15 11:06:19 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/15 11:06:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/15 11:06:19 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/15 11:06:19 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/15 11:06:19 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/15 11:06:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/15 11:05:33 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/15 11:05:22 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/15 11:05:21 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/15 11:03:43 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/15 11:03:40 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/15 11:03:37 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/05 10:01:11 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Fall 09 - Chem 422
[2009/10/05 09:40:48 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Fall 09 - BIOL 328
[2009/10/04 22:47:03 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Simply Super Software
[2009/10/04 12:41:48 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\SUP
[2009/10/03 20:08:02 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files - Modified Within 30 Days ==========

[2009/10/31 14:35:55 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D98DA5A6-DD2C-43C3-B24F-11905611C603}.job
[2009/10/31 14:28:02 | 00,088,672 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/31 14:24:15 | 03,420,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/31 14:24:14 | 01,154,808 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/31 14:24:14 | 01,109,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/31 14:22:38 | 00,088,672 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/31 14:17:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/31 14:17:47 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/31 14:17:47 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/31 14:17:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/31 14:17:28 | 21,455,83104 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/31 14:08:22 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/10/31 14:07:46 | 03,213,794 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2009/10/31 14:02:58 | 17,017,130 | ---- | M] (Symantec Corporation ) -- C:\Users\Ryan\Desktop\SAV32_1109To1567_clientMSPMSI.exe
[2009/10/31 13:49:06 | 00,291,328 | ---- | M] () -- C:\Users\Ryan\Desktop\89mz50xm.exe
[2009/10/31 13:47:00 | 00,000,000 | ---- | M] () -- C:\Windows\System32\null
[2009/10/30 13:25:44 | 00,088,576 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene.doc
[2009/10/30 12:23:11 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2009/10/30 04:05:22 | 00,000,162 | -H-- | M] () -- C:\Users\Ryan\Desktop\~$8_review_exam_2.doc
[2009/10/30 04:05:06 | 00,084,992 | ---- | M] () -- C:\Users\Ryan\Desktop\328_review_exam_2.doc
[2009/10/29 12:52:13 | 00,050,176 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Outreach Centralized Info.xls
[2009/10/28 22:53:55 | 00,021,504 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 22:22:02 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 22:21:10 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/28 22:01:59 | 00,040,960 | ---- | M] () -- C:\Users\Ryan\Documents\Brain Worksheet.doc
[2009/10/28 22:01:27 | 00,029,452 | ---- | M] () -- C:\Users\Ryan\Documents\Brain Worksheet.docx
[2009/10/27 22:50:17 | 00,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:50:05 | 00,053,248 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Contacts (1).doc
[2009/10/26 18:42:30 | 00,072,192 | ---- | M] () -- C:\Users\Ryan\Desktop\SUP ROLES! new.doc
[2009/10/26 16:39:51 | 00,795,746 | ---- | M] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6.pdf
[2009/10/23 16:32:35 | 00,093,515 | ---- | M] () -- C:\Users\Ryan\Desktop\09.docx
[2009/10/23 13:21:59 | 00,056,320 | ---- | M] () -- C:\Users\Ryan\Desktop\March 18th Talking Points.doc
[2009/10/23 13:21:45 | 00,063,488 | ---- | M] () -- C:\Users\Ryan\Desktop\Actual Proposal 318.doc
[2009/10/22 12:19:30 | 00,039,424 | ---- | M] () -- C:\Users\Ryan\Desktop\SFSU General Assembly October 21, 2009.doc
[2009/10/22 01:21:13 | 00,346,924 | ---- | M] () -- C:\Users\Ryan\Desktop\Call of Cthulhu Savegame.zip
[2009/10/20 22:00:52 | 00,398,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/20 20:57:57 | 00,010,104 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS Results Abstract.docx
[2009/10/20 20:39:40 | 00,021,504 | ---- | M] () -- C:\Users\Ryan\Desktop\tables for method.doc
[2009/10/20 20:38:46 | 00,181,384 | ---- | M] () -- C:\Users\Ryan\Desktop\es802544n.pdf
[2009/10/20 08:55:41 | 00,129,024 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.doc
[2009/10/20 08:55:22 | 00,024,677 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.docx
[2009/10/19 23:00:38 | 00,053,248 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Contacts.doc
[2009/10/19 22:52:29 | 02,617,480 | ---- | M] () -- C:\Users\Ryan\Desktop\1-01 The Birds and the Bees - Thinking about Sex and Gender.mp3
[2009/10/19 22:32:23 | 00,062,976 | ---- | M] () -- C:\Users\Ryan\Desktop\Minutes101509.doc
[2009/10/19 18:13:22 | 00,331,264 | ---- | M] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/10/19 18:00:35 | 00,106,424 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/10/19 17:56:32 | 00,041,420 | ---- | M] () -- C:\Users\Ryan\Desktop\dixml.chm
[2009/10/19 17:55:47 | 00,000,914 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2009/10/19 10:10:30 | 01,044,464 | ---- | M] () -- C:\Users\Ryan\Desktop\How to write journal articles F09 iLearn.pptm
[2009/10/19 10:10:24 | 00,049,152 | ---- | M] () -- C:\Users\Ryan\Desktop\CHEM 422 LAB REPORTS.doc
[2009/10/18 20:06:16 | 00,047,104 | ---- | M] () -- C:\Users\Ryan\Desktop\grad_spreadsheet.doc
[2009/10/18 20:04:52 | 00,011,697 | ---- | M] () -- C:\Users\Ryan\Desktop\cucdcr.rar
[2009/10/18 18:38:35 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/18 18:38:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/18 18:38:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/18 18:38:34 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/18 18:33:05 | 00,001,800 | ---- | M] () -- C:\Users\Ryan\Desktop\Monitoring.RDP
[2009/10/18 17:59:18 | 00,049,483 | ---- | M] () -- C:\Users\Ryan\Desktop\groupreport.rar
[2009/10/18 17:26:47 | 12,524,032 | ---- | M] () -- C:\Users\Ryan\Desktop\Persistent Fall whole 10.17.09.doc
[2009/10/17 20:51:11 | 00,002,039 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk
[2009/10/17 19:21:31 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.scr.sys
[2009/10/17 17:40:45 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.sys
[2009/10/08 16:12:09 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2009/10/08 14:08:01 | 00,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/08 14:08:01 | 00,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/08 14:07:59 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/07 08:04:49 | 00,019,827 | ---- | M] () -- C:\Users\Ryan\Documents\Sentence Completion Responses.docx
[2009/10/05 07:12:47 | 00,027,136 | ---- | M] () -- C:\Users\Ryan\Documents\March 18th day of Action.doc
[2009/10/04 21:13:59 | 00,016,193 | ---- | M] () -- C:\Users\Ryan\Documents\Instructions for Sentence Completion Programs.docx
[2009/10/04 12:38:45 | 00,000,374 | ---- | M] () -- C:\Users\Ryan\Desktop\Documents.lnk
[2009/10/02 11:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== Files - No Company Name ==========
[2009/10/31 13:49:05 | 00,291,328 | ---- | C] () -- C:\Users\Ryan\Desktop\89mz50xm.exe
[2009/10/30 13:25:43 | 00,088,576 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene.doc
[2009/10/30 04:05:22 | 00,000,162 | -H-- | C] () -- C:\Users\Ryan\Desktop\~$8_review_exam_2.doc
[2009/10/30 04:05:05 | 00,084,992 | ---- | C] () -- C:\Users\Ryan\Desktop\328_review_exam_2.doc
[2009/10/29 12:25:56 | 00,050,176 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Outreach Centralized Info.xls
[2009/10/28 22:22:02 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 22:21:10 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/28 22:01:35 | 00,040,960 | ---- | C] () -- C:\Users\Ryan\Documents\Brain Worksheet.doc
[2009/10/28 22:01:26 | 00,029,452 | ---- | C] () -- C:\Users\Ryan\Documents\Brain Worksheet.docx
[2009/10/27 22:50:17 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 18:50:05 | 00,053,248 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Contacts (1).doc
[2009/10/26 18:42:30 | 00,072,192 | ---- | C] () -- C:\Users\Ryan\Desktop\SUP ROLES! new.doc
[2009/10/26 16:39:41 | 00,795,746 | ---- | C] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6.pdf
[2009/10/23 16:32:35 | 00,093,515 | ---- | C] () -- C:\Users\Ryan\Desktop\09.docx
[2009/10/23 13:21:59 | 00,056,320 | ---- | C] () -- C:\Users\Ryan\Desktop\March 18th Talking Points.doc
[2009/10/23 13:21:45 | 00,063,488 | ---- | C] () -- C:\Users\Ryan\Desktop\Actual Proposal 318.doc
[2009/10/22 12:19:30 | 00,039,424 | ---- | C] () -- C:\Users\Ryan\Desktop\SFSU General Assembly October 21, 2009.doc
[2009/10/22 01:21:11 | 00,346,924 | ---- | C] () -- C:\Users\Ryan\Desktop\Call of Cthulhu Savegame.zip
[2009/10/20 20:49:52 | 00,010,104 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS Results Abstract.docx
[2009/10/20 20:39:39 | 00,021,504 | ---- | C] () -- C:\Users\Ryan\Desktop\tables for method.doc
[2009/10/20 20:38:45 | 00,181,384 | ---- | C] () -- C:\Users\Ryan\Desktop\es802544n.pdf
[2009/10/20 08:55:35 | 00,129,024 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.doc
[2009/10/19 23:00:38 | 00,053,248 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Contacts.doc
[2009/10/19 22:51:44 | 02,617,480 | ---- | C] () -- C:\Users\Ryan\Desktop\1-01 The Birds and the Bees - Thinking about Sex and Gender.mp3
[2009/10/19 22:32:23 | 00,062,976 | ---- | C] () -- C:\Users\Ryan\Desktop\Minutes101509.doc
[2009/10/19 18:13:22 | 00,331,264 | ---- | C] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/10/19 18:00:35 | 00,106,424 | ---- | C] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/10/19 17:56:32 | 00,041,420 | ---- | C] () -- C:\Users\Ryan\Desktop\dixml.chm
[2009/10/19 17:55:47 | 00,000,914 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2009/10/19 10:20:29 | 00,024,677 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.docx
[2009/10/19 10:10:29 | 01,044,464 | ---- | C] () -- C:\Users\Ryan\Desktop\How to write journal articles F09 iLearn.pptm
[2009/10/19 10:10:24 | 00,049,152 | ---- | C] () -- C:\Users\Ryan\Desktop\CHEM 422 LAB REPORTS.doc
[2009/10/18 20:06:14 | 00,047,104 | ---- | C] () -- C:\Users\Ryan\Desktop\grad_spreadsheet.doc
[2009/10/18 20:04:52 | 00,011,697 | ---- | C] () -- C:\Users\Ryan\Desktop\cucdcr.rar
[2009/10/18 17:59:18 | 00,049,483 | ---- | C] () -- C:\Users\Ryan\Desktop\groupreport.rar
[2009/10/18 17:26:18 | 12,524,032 | ---- | C] () -- C:\Users\Ryan\Desktop\Persistent Fall whole 10.17.09.doc
[2009/10/17 19:36:14 | 21,455,83104 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/17 17:40:45 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\tatertot.sys
[2009/10/17 17:38:15 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\tatertot.scr.sys
[2009/10/05 07:12:46 | 00,027,136 | ---- | C] () -- C:\Users\Ryan\Documents\March 18th day of Action.doc
[2009/10/04 12:38:45 | 00,000,374 | ---- | C] () -- C:\Users\Ryan\Desktop\Documents.lnk
[2009/09/29 12:08:42 | 03,213,794 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2009/09/25 22:43:11 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/25 22:43:11 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/23 07:38:12 | 00,000,680 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat
[2009/09/21 16:48:02 | 00,000,024 | ---- | C] () -- C:\Windows\tb60.ini
[2009/09/21 16:48:02 | 00,000,024 | ---- | C] () -- C:\Windows\tb50.ini
[2009/09/21 16:29:53 | 00,000,321 | ---- | C] () -- C:\Windows\winhlp32.ini
[2009/09/21 16:29:53 | 00,000,321 | ---- | C] () -- C:\Windows\winhelp.ini
[2009/09/21 16:24:45 | 00,000,551 | ---- | C] () -- C:\Windows\omnic32.ini
[2009/09/21 16:21:23 | 00,001,278 | ---- | C] () -- C:\Windows\OMUPDATE.INI
[2009/09/20 16:02:37 | 00,000,113 | ---- | C] () -- C:\Windows\photoimpression.ini
[2009/09/20 16:02:37 | 00,000,029 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/09/20 16:01:36 | 00,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/17 03:03:40 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/07 04:32:55 | 00,088,672 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/07 04:32:55 | 00,088,672 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/29 16:17:26 | 00,021,504 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 19:57:50 | 00,037,841 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/05 16:47:50 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/05 10:18:50 | 00,000,150 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/06/20 19:47:18 | 00,048,104 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\nvModes.001
[2009/06/20 19:47:10 | 00,048,104 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\nvModes.dat
[2009/06/08 19:28:58 | 00,102,248 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/13 14:59:06 | 00,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
[2007/12/14 00:09:56 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/13 16:30:00 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 16:25:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/11/03 11:45:04 | 00,000,488 | ---- | C] () -- C:\Windows\turbo32.ini
[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/02/01 04:00:00 | 00,000,189 | ---- | C] () -- C:\Windows\NicBib.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:62E2D794
< End of report >




4. I downloaded the randomly-named GMER .exe, disconnected from the internet, turned off Symantec Endpoint protection and ran it as instructed. ~3 minutes in it stopped responding and I got a BSOD with a "STOP" error followed by a string of numbers and x's that I didn't copy down. On restart I booted Safe Mode using F8 and ran GMER again under the same conditions. This time it again stopped responding after ~3 minutes and this error message popped up:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82078D45
BCP3: 9F5DFA54
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini103109-01.dmp
C:\Users\Ryan\AppData\Local\Temp\WER-150166-0.sysdata.xml
C:\Users\Ryan\AppData\Local\Temp\WERB6D0.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

#6 myrti


Posted 01 November 2009 - 05:39 AM

Hi,

Your logs show that you have an external flash drive that executes a file:

I:\tmp.folder\restore.exe
F:\_cache.tmp\gam3.exe
folder.tmp/tmp.exe


Do you want those files to be executed upon connection, or are they unknown to you?

Please try the Sophos Anti-Rootkit scanner (ARK) next:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe) - C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe File not found
    O20 - HKCU Winlogon: Shell - ("C:\Users\Ryan\fbbv.exe") - C:\Users\Ryan\fbbv.exe File not found
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Please post back the logs from OTL and Sophos in your next reply.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
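
The two O20 lines in the OTL fix above are Winlogon Shell values stored under HKCU; a per-user Shell value is used at logon in place of the machine-wide explorer.exe. As an added example (not part of the original post and not OTL's own code), this Python script pulls such entries out of an OTL log and lists why each one stands out. The function names are hypothetical and the HKLM line in the sample is constructed.

```python
import ntpath
import re
from dataclasses import dataclass, field

# OTL prints Winlogon autostart values in this shape:
#   O20 - <HIVE> Winlogon: <Value> - (<data>) - <resolved path> [File not found | (Vendor)]
O20_RE = re.compile(
    r'^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<name>\w+) - '
    r'\((?P<data>.*?)\) - (?P<rest>.*)$'
)

DEFAULT_SHELL = "explorer.exe"  # stock value of HKLM ...\Winlogon\Shell


@dataclass
class ShellEntry:
    hive: str
    name: str
    command: str
    missing: bool
    reasons: list = field(default_factory=list)


def parse_o20(line):
    """Return a ShellEntry for an OTL O20 Winlogon line, or None for other lines."""
    m = O20_RE.match(line.strip())
    if m is None:
        return None
    command = m["data"].strip().strip('"')
    missing = m["rest"].rstrip().endswith("File not found")
    return ShellEntry(m["hive"], m["name"], command, missing)


def assess(entry):
    """List the reasons a Winlogon Shell entry deserves a closer look."""
    reasons = []
    if entry.name.lower() != "shell":
        return reasons
    if entry.hive == "HKCU":
        # The per-user value normally does not exist; when present it replaces HKLM's.
        reasons.append("per-user Shell override")
    if ntpath.basename(entry.command).lower() != DEFAULT_SHELL:
        reasons.append("shell is not explorer.exe")
    if "\\recycler\\" in entry.command.lower():
        reasons.append("runs from a RECYCLER folder")
    if entry.missing:
        # The value still replaces the desktop shell even though nothing can start.
        reasons.append("target file missing")
    return reasons


def triage(log_text):
    """Return only the O20 Winlogon entries that have at least one reason attached."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry is None:
            continue
        entry.reasons = assess(entry)
        if entry.reasons:
            findings.append(entry)
    return findings


# First line is constructed; the other three are quoted from this thread's OTL output.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe) - C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe File not found
O20 - HKCU Winlogon: Shell - ("C:\Users\Ryan\fbbv.exe") - C:\Users\Ryan\fbbv.exe File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive} {e.name}: {e.command}")
        for reason in e.reasons:
            print(f"    - {reason}")
```
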

 



#7 Purgatorios


Posted 05 November 2009 - 01:54 PM

Hey Temp, sorry for the delay, it's been a week.

I don't know what those files are, so I'm not sure if I want them to be executed on connection. They're not needed to connect to my external hard drive (500 GB Iomega) are they?

Here's the Sophos Log:

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 11/2/2009 at 23:49:17 PM
User "Ryan" on computer "RYAN"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\monitor.sys[MonitorWMI]
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Windows\System32\vcredist_x86.exe
Hidden: file C:\Windows\System32\drivers\sptd.sys
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0X7TMK09\2%26l%3Dlrec%26en%3Dutf-8%26rn%3D1222464591975%26em%3D%257b%2522site-attribute%2522%253a%2522content%253d%2527no_expandable%2527%257d%2522%26t_e%3D1%26[1].htm
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0X7TMK09\1%26l%3Dlrec%26en%3Dutf-8%26rn%3D1222464543275%26em%3D%257b%2522site-attribute%2522%253a%2522content%253d%2527no_expandable%2527%257d%2522%26t_e%3D1%26[1].htm
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JFBR89U8\g12PenMv1PdLf1_n1a1;ts=293653;smuid=cqRtsVLLc7Y5v9dNaoT6vC3UVlDNuVine-2bbsxu;p=ui%3DcqRtsVLLc7Y5v9dNaoT6vC3UVlDNuVine-2bbsxu%3Btr%3DETkivukww5n%3Btm%3D0-0[1]
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0X7TMK09\1%26l%3Dlrec%26en%3Dutf-8%26rn%3D1222464616386%26em%3D%257b%2522site-attribute%2522%253a%2522content%253d%2527no_expandable%2527%257d%2522%26t_e%3D1%26[1].htm
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQBSEWIT\=wpni-sleuth-2009-04-_never_mind_north_korean;wpid=politics__never_mind_north_korean;cn=yes;pnode=technology;ad=lb;sz=728x90;tile=1;ord=255304616407905470[1]
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQBSEWIT\ind_north_korean;wpid=politics__never_mind_north_korean;cn=yes;pnode=technology;ad=ss;ad=bb;ad=hp;sz=160x600,300x250,336x850;tile=2;ord=255304616407905470[1]
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQBSEWIT\%3Bl=3732%3Bc=9546%3Bb=44076%3Bp=ui%3DcqRtsVLLc7Y5v9dNaoT6vC3UVlDNuVine-2bbsxu%3Btr%3DETkivukww5n%3Btm%3D0-0%3Bts=20090427181550%3Bdct=;ord=20090427181550[1]
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQBSEWIT\%3Bkvmar%3D1%3Bkvinc%3D4%3Bkvocc%3Docc2%3Bkvr%3D20%3A138%3Bkvtid%3D14r0u720smpfj2%3Bkvseg%3D99999%3A50280%3A60326%3Bnodecode%3Dyes%3Blink%3D;ord=870836386[1]
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q97OMRML\%3Bkvmar%3D1%3Bkvinc%3D4%3Bkvocc%3Docc2%3Bkvr%3D20%3A138%3Bkvtid%3D14r0u720smpfj2%3Bkvseg%3D99999%3A50280%3A60326%3Bnodecode%3Dyes%3Blink%3D;ord=870897387[1]
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQBSEWIT\g12PenMv1PdLf1_n1a1;ts=887400;smuid=cqRtsVLLc7Y5v9dNaoT6vC3UVlDNuVine-2bbsxu;p=ui%3DcqRtsVLLc7Y5v9dNaoT6vC3UVlDNuVine-2bbsxu%3Btr%3DCA7OHpf_-kh%3Btm%3D0-0[1]
Hidden: file C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JFBR89U8\g12PenMv1PdLf1_n1a1;ts=775592;smuid=cqRtsVLLc7Y5v9dNaoT6vC3UVlDNuVine-2bbsxu;p=ui%3DcqRtsVLLc7Y5v9dNaoT6vC3UVlDNuVine-2bbsxu%3Btr%3DG_J1O8z77L5%3Btm%3D0-0[1]
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_ja-jp_19c676722d33e83c_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_e026379f221a4f7f_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_sr-..-cs_e9a17e7755f46922_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lua-filevirtualization_31bf3856ad364e35_6.0.6001.18000_none_67e124d3a49aab2c_luafv.sys_602842f9
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-msfs_31bf3856ad364e35_6.0.6001.18000_none_a670403b1cec669b_msfs.sys_ea96697c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_de-de_7690f3c33712eed0_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.0.6001.18000_en-us_5e179145b5a15caa_rascfg.dll.mui_0b036e1f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.0.6001.18000_en-us_5e179145b5a15caa_ndptsp.tsp.mui_5bee9ce3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-u..anagement.resources_31bf3856ad364e35_6.0.6001.18000_en-us_0542f5962a6bc4da_powrprof.dll.mui_a2448a34
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_hu-hu_7035f5feea278701_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_bcad5896a52ea4c7_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_5572f3220fb3454e_sysntfy.dll_6c0b60ae
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_th-th_751c5217a960ac1f_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_nb-no_1d9669ec1dbef758_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_sv-se_049dcbe56e1f0097_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_ea3e7a1bde185297_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.0.6001.18000_en-us_1c7cf8b430294a56_winload.exe.mui_3bc5b827
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.0.6001.18000_en-us_1c7cf8b430294a56_winresume.exe.mui_ff8b5358
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_sl-si_6d90e0ed5987b092_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7_w32topl.dll_1a0f388b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7_ntdsapi.dll_23e20303
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntlanman_31bf3856ad364e35_6.0.6001.18000_none_301115c4e2a0204f_ntlanman.dll_0a73d68d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_it-it_ac2c92e5f01be81a_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_none_e1e6e80246adfe72_ui0detect.exe_639495e3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_none_e1e6e80246adfe72_wls0wndh.dll_dbf333a5
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2_winnsi.dll_53ccebf2
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2_nsisvc.dll_7733cdbc
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2_nsi.dll_e72df756
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2_nsiproxy.sys_ebb6a83d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14_hhsetup.dll_37c1de59
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14_hhctrl.ocx_38c869db
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14_hh.exe_f87e0044
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7_null.sys_e821cef0
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_hu-hu_4cbd16f66d3bdc49_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_et-ee_e48156af741ab710_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_es-es_eac18b1f7014da81_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2_wmsgapi.dll_2b5c2330
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2_wininit.exe_7a527f28
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_he-il_6ce51d58ec36b8d3_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_zh-tw_e9c54a97f7616660_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_en-us_1f81c9bc25f0fa95_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_pt-pt_ed74342bdc115657_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.0.6001.18000_en-us_c0b53a8159c722b4_spp.dll.mui_42138158
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-spp-main.resources_31bf3856ad364e35_6.0.6001.18000_en-us_c0b53a8159c722b4_sxproxy.dll.mui_f9d8f818
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-font-registrysettings_31bf3856ad364e35_6.0.6001.18000_none_95b1533bb11caa04_muifontsetup.dll_47a24edd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_42ec57782bd45380_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_d88dbb1aaef8f69c_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-vssapi.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e59015a0d33476a3_vsstrace.dll.mui_3a1fe238
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_zh-tw_c64c6b8f7a75bba8_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.0.6001.18000_en-us_6894b3155c21f399_ntdll.dll.mui_d908d391
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_sl-si_4a1801e4dc9c05da_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_sr-..-cs_71cde8e72fff4cd8_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_tr-tr_146bef4449b8b7d1_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-o..ct-picker.resources_31bf3856ad364e35_6.0.6001.18000_en-us_66d301d28fce44cb_objsel.dll.mui_9b915792
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_6.0.6001.18000_en-us_14803e6f3f7776ed_samsrv.dll.mui_32250491
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_1f73786faee8a8c8_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-fmifs_31bf3856ad364e35_6.0.6001.18000_none_570e7185319735c5_fmifs.dll_cfc1a67d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_fi-fi_25290465080f93ad_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_44d9c3067f39887d_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_tr-tr_f0f3103bcccd0d19_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036_nlscoremig.dll_0ee3acd5
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036_muiunattend.exe_1e11bb40
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036_normaliz.dll_52d7bdd6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036_nlsdl.dll_ab3730f3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036_idndl.dll_abbe5c4b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_he-il_496c3e506f4b0e1b_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-imagesp1_31bf3856ad364e35_6.0.6001.18000_none_e467f63cf2ac1d83_imagesp1.dll_44a03179
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mprmsg.resources_31bf3856ad364e35_6.0.6001.18000_en-us_84dfd6e9cdc1fd73_mprmsg.dll.mui_210d8c31
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_zh-cn_e5c90d41f9f089f0_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_nb-no_a5c2d45bf7c9db0e_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-transactionmanagerapi_31bf3856ad364e35_6.0.6001.18000_none_56d7500bd3f81b9d_ktmw32.dll_835a43ee
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394_mountmgr.sys_77371b26
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394_msmmsp.dll_eaaf0717
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_fi-fi_01b0255c8b23e8f5_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.0.6001.18000_none_a544ccc10a8aaf8d_lsm.exe_ecbd567a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-recdisc-main_31bf3856ad364e35_6.0.6001.18000_none_847bfa71b3a145b1_recdisc.exe_20690b49
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-recdisc-main_31bf3856ad364e35_6.0.6001.18000_none_847bfa71b3a145b1_sdspres.dll_2c08bd30
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_zh-cn_c2502e397d04df38_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_59a9c699d8dba3f4_shell32.dll.mui_19f538b4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-videoport_31bf3856ad364e35_6.0.6001.18000_none_bc1a4c13046479cc_videoprt.sys_3ed5b0a0
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_07148d403b8dc950_basecsp.dll.mui_04bea7ac
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_07148d403b8dc950_scksp.dll.mui_05f14191
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-cabinet_31bf3856ad364e35_6.0.6001.18000_none_373f511ce1ebb446_cabinet.dll_7ab07912
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_ru-ru_cf63ba8863d3ab85_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_hu-hu_d4e981664746bfff_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-useros_31bf3856ad364e35_6.0.6001.18000_none_cd6eb4d16d2cf177_dxapi.sys_be04d03f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-a..es-interface-router_31bf3856ad364e35_6.0.6001.18000_none_57f606a87e892d47_activeds.dll_662643d7
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-a..es-interface-router_31bf3856ad364e35_6.0.6001.18000_none_57f606a87e892d47_activeds.tlb_662648dd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-cryptdll-dll_31bf3856ad364e35_6.0.6001.18000_none_059e85e6adc57125_cryptdll.dll_e0da7eac
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lua_31bf3856ad364e35_6.0.6001.18000_none_a64a5d325ccb6b78_appinfo.dll_6162d887
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lua_31bf3856ad364e35_6.0.6001.18000_none_a64a5d325ccb6b78_consent.exe_9075a1c2
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_ko-kr_f1bbeea7d5a7c10b_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_zh-tw_4e78d5ff54809f5e_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_sl-si_d2446c54b6a6e990_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6001.18000_none_e36536a91186bed0_rnr20.dll_bacdc17a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6001.18000_none_e36536a91186bed0_wsock32.dll_fe807716
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-duser_31bf3856ad364e35_6.0.6001.18000_none_5a74ae48fc7a81f9_duser.dll_a2bd2fa9
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-pshed.resources_31bf3856ad364e35_6.0.6001.18000_en-us_9394449c79246091_pshed.dll.mui_d7f9a40f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_el-gr_1f2721562628575e_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673_winload.exe.mui_3bc5b827
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7698ba05e403d673_winresume.exe.mui_ff8b5358
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_a79fe2df88f38c7e_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-newdev.resources_31bf3856ad364e35_6.0.6001.18000_en-us_730bae8c1c89c7a4_newdev.exe.mui_6ce4084e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-newdev.resources_31bf3856ad364e35_6.0.6001.18000_en-us_730bae8c1c89c7a4_newdev.dll.mui_914efc6c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_pt-br_211e004092a4f834_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_ja-jp_4e5211f2e336f9f5_bootmgr.exe.mui_c434701f
Hidden: file C:\Program Files\uTorrent\uTorrent.exe
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a_winlogon.exe.mui_3280fc46
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_ru-ru_abeadb7fe6e800cd_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_tr-tr_791f7aaba6d7f0cf_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_he-il_d198a8c04955f1d1_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-setupapi.resources_31bf3856ad364e35_6.0.6001.18000_en-us_6a60cd527762378c_setupapi.dll.mui_bcc172a4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_28c575b705c7b7e5_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.0.6001.18000_none_c9873705a55da1c9_csrsrv.dll_f50da7f9
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_lt-lt_fc47f3c0b4ad41f1_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rpc-local.resources_31bf3856ad364e35_6.0.6001.18000_en-us_9bbb9e9dbd8b3102_rpcrt4.dll.mui_9745823e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_bg-bg_97e2e0dd3e4c7755_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_zh-hk_e47405cffacbfc80_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_054c96ae88dc0d2d_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_zh-cn_4a7c98a9570fc2ee_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-verifier_31bf3856ad364e35_6.0.6001.18000_none_ca053562c8ad6ab8_verifier.dll_7b1988f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_de-de_dd51ccdb23f0a419_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_1eca159c941b6450_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-shacct_31bf3856ad364e35_6.0.6001.18000_none_c60233aa21754c22_shacct.dll_f953c950
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-bootvid_31bf3856ad364e35_6.0.6001.18000_none_38797b7986345c9b_bootvid.dll_c188118d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_fi-fi_89dc8fcc652eccab_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.0.6001.18000_none_61f4bb21dabbb034_mskssrv.sys_10d1b7c8
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.0.6001.18000_none_61f4bb21dabbb034_mspqm.sys_11b724dd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.0.6001.18000_none_61f4bb21dabbb034_mstee.sys_2854b445
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.0.6001.18000_none_61f4bb21dabbb034_mspclock.sys_3f0d93c5
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_zh-hk_c0fb26c77de051c8_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_de-de_b9d8edd2a704f961_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_sv-se_6b5ea4fd5afcb5e0_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-cryptui-dll.resources_31bf3856ad364e35_6.0.6001.18000_en-us_03622e369e5948fa_cryptui.dll.mui_9728c1dd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_ro-ro_ccfb6efc6558e8b5_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63_rasauto.dll_17a2420d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63_rasacd.sys_43640ee7
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63_rasautou.exe_477abe34
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63_rasadhlp.dll_7438be63
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f_asyncmac.sys_095e4be2
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-user32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_3dfdf7ca2b1d3a0d_user32.dll.mui_14652dbb
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_es-es_1f4d26a02617ec3a_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_ar-sa_f1a2ff544dcc25fe_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_lt-lt_d8cf14b837c19739_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_pt-pt_21ffcfac92146810_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.0.6001.18000_none_99dc4c9ce7ee4a46_rasl2tp.sys_d69e0fa7
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_bg-bg_746a01d4c160cc9d_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang_31bf3856ad364e35_6.0.6001.18000_none_56df4b78e3fe4e3f_mlang.dll_211e02a3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lua.resources_31bf3856ad364e35_6.0.6001.18000_en-us_ee8aca026c4f12d5_consent.exe.mui_2eb3b9db
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lua.resources_31bf3856ad364e35_6.0.6001.18000_en-us_ee8aca026c4f12d5_appinfo.dll.mui_cfd93456
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-standardvga_31bf3856ad364e35_6.0.6001.18000_none_9c8c3185d9ffbc7b_vga256.dll_0bcccb05
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-standardvga_31bf3856ad364e35_6.0.6001.18000_none_9c8c3185d9ffbc7b_vga64k.dll_1f739fe3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-standardvga_31bf3856ad364e35_6.0.6001.18000_none_9c8c3185d9ffbc7b_framebuf.dll_3e9737b8
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-standardvga_31bf3856ad364e35_6.0.6001.18000_none_9c8c3185d9ffbc7b_vga.sys_ccdb57c9
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-standardvga_31bf3856ad364e35_6.0.6001.18000_none_9c8c3185d9ffbc7b_vga.dll_ccdb7ea2
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6001.18000_none_a5e49ad4068f9b12_uxtheme.dll_9f6cda06
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-wmi-events_31bf3856ad364e35_6.0.6001.18000_none_b059e60a8c3b4fd3_ncobjapi.dll_5ea29a86
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-irdaircomm_31bf3856ad364e35_6.0.6001.18000_none_28917c0b24a96889_irenum.sys_58570547
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_nb-no_da4e6fdcadccecc7_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lsa.resources_31bf3856ad364e35_6.0.6001.18000_en-us_86a7d451969b5727_lsass.exe.mui_00d4b6cf
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lsa.resources_31bf3856ad364e35_6.0.6001.18000_en-us_86a7d451969b5727_lsasrv.dll.mui_d47f7e1c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-object-picker_31bf3856ad364e35_6.0.6001.18000_none_0f95da960c947ce6_objsel.dll_9d6ddd89
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.0.6001.18000_none_99ef1ed8e7d6dd1c_raspptp.sys_25e89db1
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_ru-ru_341745efc0f2e483_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_en-us_8642a2d412ceafde_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_it-it_12ed6bfddcf99d63_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_sv-se_47e5c5f4de110b28_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_sk-sk_6e7ebf3558ed9daf_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_3f4e94329bd6abe5_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-unimodem-core_31bf3856ad364e35_6.0.6001.18000_none_949832cbd48def6a_uniplat.dll_290fd479
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-unimodem-core_31bf3856ad364e35_6.0.6001.18000_none_949832cbd48def6a_rootmdm.sys_69a65c29
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_da-dk_79655e87353c9a36_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..temclient.resources_31bf3856ad364e35_6.0.6001.18000_en-us_d23e7e160398aa74_winscard.dll.mui_4a82d97e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_ro-ro_a9828ff3e86d3dfd_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_en-us_62c9c3cb95e30526_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-syssetup_31bf3856ad364e35_6.0.6001.18000_none_70d08bcd97b6cb5a_syssetup.dll_d4039292
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_ar-sa_ce2a204bd0e07b46_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_it-it_ef748cf5600df2ab_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mprmsg_31bf3856ad364e35_6.0.6001.18000_none_138df44a53630348_mprmsg.dll_6fff912a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4_psbase.dll_b29bce30
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4_pstorec.dll_b3635d22
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4_pstorsvc.dll_edc49796
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_hu-hu_09751ce6fd49d1b8_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft.windows.s..se.scsi_port_driver_31bf3856ad364e35_6.0.6001.18000_none_e5802de32a1ecd4a_scsiport.sys_40c5fe6c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-wmilib_31bf3856ad364e35_6.0.6001.18000_none_5954fa57042cb14a_wmilib.sys_0dcce989
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a_wshtcpip.dll_7ee2ca52
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a_wship6.dll_db4127c3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_3d1ac37e25447997_kernel32.dll.mui_c29170cd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_hr-hr_6f01d038eaea2599_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.0.6001.18000_none_17194119fbd5b944_cryptnet.dll_e44c577b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c_csrss.exe_06529458
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_zh-hk_4927913757eb357e_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f_iprtrmgr.dll_50f5fe79
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f_iprtprio.dll_5829c3c7
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f_rasmigplugin.dll_7ee2aa40
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f_mprdim.dll_8e5e0893
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f_rtm.dll_dbf434cd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-profsvc.resources_31bf3856ad364e35_6.0.6001.18000_en-us_66bc13e20473e4ba_profsvc.dll.mui_32482e9e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_de-de_42055842810fdd17_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-xmllite_31bf3856ad364e35_6.0.6001.18000_none_893b7e92a34e8e37_xmllite.dll_ce078c31
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_zh-tw_830471800a83b117_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_8d79011e62e6f0e3_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_sk-sk_4b05e02cdc01f2f7_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_1bd5b52a1eeb012d_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_lt-lt_60fb7f2811cc7aef_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.0.6001.18000_en-us_8b7c976e9d097aee_authui.dll.mui_19b92789
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd_ddrawex.dll_2aa2f829
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd_ddraw.dll_8f1f5d02
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_dc2b7e603ef69e37_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_lv-lv_fd156244b42b82e1_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.0.6001.18000_none_f6a3ed1413ba3d1f_itircl.dll_dafa7917
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.0.6001.18000_none_f6a3ed1413ba3d1f_itss.dll_f5d929eb
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_bg-bg_fc966c449b6bb053_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_tr-tr_adab162c5cdb0288_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971_cntrtextmig.dll_08675f2d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971_prflbmsg.dll_2e46e937
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971_loadperf.dll_3a569bab
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971_unlodctr.exe_69df45bb
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971_lodctr.exe_b02cefba
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_hr-hr_4b88f1306dfe7ae1_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-cdfs_31bf3856ad364e35_6.0.6001.18000_none_a667930f1cf3e8c6_cdfs.sys_02574081
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.18000_none_efae39c59a10e503_wintrust.dll_abec426a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.0.6001.18000_en-us_cc427958cd23fe9d_tcpipcfg.dll.mui_a5479fc1
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.0.6001.18000_en-us_cc427958cd23fe9d_netiougc.exe.mui_ad7a9e4d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4_ws2_32.dll_89b90cb6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_sv-se_d0123064b81beede_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-msidle_31bf3856ad364e35_6.0.6001.18000_none_cb81dcdaa2a6e64a_msidle.dll_fb421a48
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-fileinfominifilter_31bf3856ad364e35_6.0.6001.18000_none_d6b4fb25314dd313_fileinfo.sys_9be2dfcd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-x..nrollment.resources_31bf3856ad364e35_6.0.6001.18000_en-us_4d86a252c1abd936_certenrollctrl.exe.mui_3b48c5a6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-x..nrollment.resources_31bf3856ad364e35_6.0.6001.18000_en-us_4d86a252c1abd936_certenroll.dll.mui_a77d5a29
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_ro-ro_31aefa63c27821b3_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_zh-cn_7f08342a0d12d4a7_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_ko-kr_587cc7bfc2857654_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_eaf62e3b6fede8dc_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_ar-sa_56568abbaaeb5efc_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e346d76f2137c952_expand.exe.mui_3f54e013
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e346d76f2137c952_netmsg.dll.mui_ab0f7c73
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_uk-ua_b04bd1eb40e9de1d_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_lv-lv_d99c833c373fd829_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0_netbios.sys_6f23c4df
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0_wshnetbs.dll_77c16678
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_el-gr_85e7fa6e13060ca7_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_it-it_77a0f7653a18d661_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_fi-fi_be682b4d1b31de64_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_pt-br_87ded9587f82ad7d_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.0.6001.18000_en-us_8768b4328e782ba0_firewallapi.dll.mui_43c7a05b
Hidden: file C:\Windows\winsxs\Backup\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.0.6001.18000_en-us_8768b4328e782ba0_mpssvc.dll.mui_4b194b5f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.0.6001.18000_none_300482f0eeabdaad_modem.sys_10d2ecc1
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_ja-jp_b512eb0ad014af3e_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_ko-kr_3503e8b74599cb9c_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_2fc384ea1ed029d0_netlogon.dll.mui_ecbeb9bd
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_uk-ua_8cd2f2e2c3fe3365_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_el-gr_626f1b65961a61ef_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-aclui_31bf3856ad364e35_6.0.6001.18000_none_550a5e1db3a6babc_aclui.dll_ebee9df6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-sqmapi_31bf3856ad364e35_6.0.6001.18000_none_fe3db30d04ce3dab_sqmapi.dll_3755dd17
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-activexproxy_31bf3856ad364e35_6.0.6001.18000_none_120e336fea4a5696_actxprxy.dll_82133921
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_pt-br_6465fa50029702c5_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_ja-jp_919a0c0253290486_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_sk-sk_d3324a9cb60cd6ad_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-basesrv_31bf3856ad364e35_6.0.6001.18000_none_0ccaead5e3bacdd0_basesrv.dll_8c1ad808
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_a4021f99f8f5e4e3_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_th-th_1068c6b04c417321_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-time-service.resources_31bf3856ad364e35_6.0.6001.18000_en-us_5305ccd2941da220_w32time.dll.mui_b382d4b4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_6.0.6001.18000_en-us_b6e957608b0c1655_memtest.exe.mui_77b8cbcc
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_858aeeb480f91999_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_ru-ru_68a2e17076f5f63c_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_th-th_ecefe7a7cf55c869_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_dcdfef64cc00e5fb_winsta.dll_4e6f9a4e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_hr-hr_d3b55ba048095e97_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_62120fac040d6ee1_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-f..libraries.resources_31bf3856ad364e35_6.0.6001.18000_en-us_33e4c42fdeb16155_ulib.dll.mui_bb7d4db5
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_sr-..-cs_0d1a5d7fd2e013da_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-tdi-driver_31bf3856ad364e35_6.0.6001.18000_none_66ee488c35f6792a_tdi.sys_d1537112
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_et-ee_7fcdcb4816fb7e12_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_es-es_860dffb812f5a183_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-imagesp1.resources_31bf3856ad364e35_6.0.6001.18000_en-us_a3b1e5006b50d244_imagesp1.dll.mui_14e4c892
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_pt-pt_88c0a8c47ef21d59_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6001.18000_none_a64f31c652a84afa_clusapi.dll_06332635
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6001.18000_none_a64f31c652a84afa_resutils.dll_f05671f7
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-sens-service_31bf3856ad364e35_6.0.6001.18000_none_bbb92d01bef76409_sens.dll_d4c507f7
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_lv-lv_61c8edac114abbdf_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee367726857e43_oleres.dll_2eae8210
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee367726857e43_comcat.dll_8571d1d1
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_et-ee_5c54ec3f9a0fd35a_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-hlink_31bf3856ad364e35_6.0.6001.18000_none_57c22b07641ba9c6_hlink.dll_1851e30c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_es-es_629520af9609f6cb_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045_iscsicli.exe_20e14d4f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045_iscsidsc.dll_20ed5065
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045_iscsiexe.dll_211359bf
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045_iscsiwmi.dll_272dd9e6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045_iscsied.dll_e933fb0e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045_iscsium.dll_edf4260f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_c730eb5dc6553c1b_wtsapi32.dll_470d4d41
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_zh-hk_7db32cb80dee4737_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.0.6001.18000_pt-pt_6547c9bc020672a1_comctl32.dll.mui_0da4e682
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mlang.resources_31bf3856ad364e35_6.0.6001.18000_nb-no_410f48f49aaaa210_mlang.dll.mui_2904864a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_ko-kr_bd3053271fa4af52_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_uk-ua_14ff5d529e09171b_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_c2049c9f18ea029c_bootmgr.exe.mui_c434701f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_el-gr_ea9b85d5702545a5_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641_ws2ifsl.sys_2d588da9
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.0.6001.18000_pt-br_ec9264bfdca1e67b_comdlg32.dll.mui_ac8e62f4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48_msls31.dll_8d36fcb7
Hidden: file C:\Program Files\ImgBurn\ImgBurn.exe
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.4.7600.226_en-us_3eed8fc4903631e2_wuaueng.dll.mui_297f975d
Hidden: file C:\ProgramData\Symantec\Definitions\VirusDefs\tmp17a0.tmp\CCERASER.DLL
Hidden: file C:\ProgramData\Symantec\Definitions\VirusDefs\tmp17a0.tmp\EECTRL.SYS
Hidden: file C:\ProgramData\Symantec\Definitions\VirusDefs\tmp17a0.tmp\NAVEX15.SYS
Hidden: file C:\Program Files\DivX\DivX Player\DivX Player.exe
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_ru-ru_922e80ceace72fef_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-m..update-genuineintel_31bf3856ad364e35_6.0.6002.18005_none_beab856daf6f1990_mcupdate_genuineintel.dll_940e6a7f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_uk-ua_7316983189fd6287_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6002.18005_none_e3878c97b7915bdf_partmgr.sys_fcac898c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18005_none_5ac2574df94f7762_ntdll.dll_ae4ef39c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e_shsvcs.dll_f8739230
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_da-dk_a2f0fde56b2dd3e9_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-msvcp60_31bf3856ad364e35_6.0.6002.18005_none_448d0d9cae814deb_msvcp60.dll_d804e509
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_b3d9d2699e1659b0_samsrv.dll_b7a400ca
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_b3d9d2699e1659b0_samlib.dll_caeebf04
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_nb-no_03da0f3ae3be267a_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da_mswsock.dll_e2ad0f2d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3_netlogon.dll_90e0458e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6002.18005_none_0fcbe0ed77911065_rasmxs.dll_0c54a828
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_lanman.drv_b65845fb
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_ntvdmd.dll_b88af79f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_winspool.exe_af5728df
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_share.exe_bbb4488d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_debug.exe_bdafe3af
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_sound.drv_c00d29cf
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_win.com_ca2eda11
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_ver.dll_cba0311d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_vga.drv_ccdb802e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_user.exe_d3d0cbc9
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_pmspl.dll_dd9ffb24
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_toolhelp.dll_df77ee65
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_mem.exe_e5748c01
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_lzexpand.dll_e8135238
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_csrstub.exe_f65f4340
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_gdi.exe_f661b558
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_mmtask.tsk_f97d0de1
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_redir.exe_fc890e02
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_edit.com_fc89ce91
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8_olesvr.dll_fde98489
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-udfs_31bf3856ad364e35_6.0.6002.18005_none_a865114f1a057c30_udfs.sys_cf08a343
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6002.18005_none_22622b2203060735_werdiagcontroller.dll_208f2db3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6002.18005_none_22622b2203060735_wer.dll_c8c67db6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6002.18005_none_22622b2203060735_wermgr.exe_d92a3b6c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.0.6002.18005_none_fd9cd0792fced6f5_profsvc.dll_a428cc3f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.0.6002.18005_none_fd9cd0792fced6f5_profprov.dll_dd5044f6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6002.18005_none_806e13b924add141_clfs.sys_04dfdff9
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_ko-kr_1b478e060b98fabe_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_eu-es_48c326265c195dcf_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6002.18005_none_0ddef622f289ad43_authui.dll_05ff9fd2
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e_scecli.dll_149e0f7b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_el-gr_48b2c0b45c199111_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db_lsasrv.dll_56db747f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db_lsass.exe_682060de
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db_secur32.dll_8d4d0a15
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db_ksecdd.sys_dfd5d421
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6002.18005_none_2a0edaeae4247151_gpapi.dll_868dd225
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6002.18005_none_2a0edaeae4247151_gpsvc.dll_970be02b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_pt-br_4aa99f9ec89631e7_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06_smss.exe_d7209c3a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_ja-jp_77ddb151192833a8_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db_bcrypt.dll_e2f091ac
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6002.18005_none_afc1427e55131ced_mpr.dll_e8c35b01
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.18005_none_0f010d1ce79c5ae9_rtutils.dll_243724ab
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6002.18005_none_abb9c35457aca9e5_cmiv2.dll_be06aa9f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.0.6002.18005_none_f52409cd546c939a_ndiswan.sys_4be8047f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1_netbtugc.exe_825f4f74
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1_netbt.sys_9226f314
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-x..ificateenrollmentui_31bf3856ad364e35_6.0.6002.18005_none_2c5cc2eac5ea9147_certenrollui.dll_7114147c
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_th-th_d3338cf69554f78b_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6002.18005_none_6b24103689ec6965_winload.exe_75835076
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6002.18005_none_6b24103689ec6965_setbcdlocale.dll_77bec53b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6002.18005_none_6b24103689ec6965_winresume.exe_85cd1215
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18005_none_ae092067ef732bd0_ole32.dll_e9dcc2e3
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_6.0.6002.18005_none_581efd2c97b9a460_raspppoe.sys_5bc9d88d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_pl-pl_4855b4faca0c9e03_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6002.18005_none_9bffb484c4fe88e5_wfapigp.dll_4a104032
Hidden: file C:\Windows\winsxs\Backup\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6002.18005_none_9bffb484c4fe88e5_icfupgd.dll_4a6a1bee
Hidden: file C:\Windows\winsxs\Backup\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6002.18005_none_9bffb484c4fe88e5_mpssvc.dll_662b267c
Hidden: file C:\Windows\winsxs\Backup\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6002.18005_none_9bffb484c4fe88e5_mpsdrv.sys_77874865
Hidden: file C:\Windows\winsxs\Backup\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6002.18005_none_9bffb484c4fe88e5_firewallapi.dll_b7801b42
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8_t2embed.dll_66e8486f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..lc-client.resources_31bf3856ad364e35_6.0.6002.18005_en-us_5e1ef73201b99071_slc.dll.mui_dc24f809
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988_rpcss.dll_fd3e269b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6002.18005_none_f6ed1a9a1bcc8805_modemmigplugin.dll_6b9e1a82
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6002.18005_none_f6ed1a9a1bcc8805_modemui.dll_a2c099ac
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6002.18005_none_f6ed1a9a1bcc8805_serialui.dll_bea29328
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6002.18005_none_f6ed1a9a1bcc8805_mdminst.dll_c042c93a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6002.18005_none_f6ed1a9a1bcc8805_uicom.dll_d72e5b75
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18005_none_8a59754e93f83a6b_msxml6r.dll_d8460bdb
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18005_none_8a59754e93f83a6b_msxml6.dll_ebe15265
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.0.6002.18005_none_3c0d3c3f7176376a_authz.dll_c0d80602
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.0.6002.18005_none_3c0d3c3f7176376a_ntmarta.dll_cd048e61
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.0.6002.18005_none_da20c77601bf260a_memtest.exe_01d80391
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6002.18005_none_d6fc7cca49dba20f_shimeng.dll_2036b947
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6002.18005_none_d6fc7cca49dba20f_apphelp.dll_7ce69c4a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6002.18005_none_d6fc7cca49dba20f_sdbinst.exe_8725e339
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6002.18005_none_d6fc7cca49dba20f_aelupsvc.dll_f420497b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864_ndismigplugin.dll_7aadce98
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864_ndis.sys_e2e1846f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ntvdm-vdmdbg_31bf3856ad364e35_6.0.6002.18005_none_50b897cb80d4ae0e_vdmdbg.dll_232a4cf0
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_sr-..-cs_cfe523c61bf39844_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_et-ee_4298918e600f027c_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6002.18005_none_63710ee88c7b7604_netiomig.dll_917b9a36
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6002.18005_none_63710ee88c7b7604_netiougc.exe_94123cfe
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6002.18005_none_63710ee88c7b7604_tcpipcfg.dll_e3a99e8a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_es-es_48d8c5fe5c0925ed_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6002.18005_none_48cb48f3b060c975_srdelayed.exe_3676d72d
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6002.18005_none_48cb48f3b060c975_srcore.dll_58a927f6
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6002.18005_none_48cb48f3b060c975_rstrui.exe_dfa7225b
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6002.18005_none_48cb48f3b060c975_srclient.dll_f0619fc4
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6002.18005_none_beeba399f89bfe74_oleaut32.dll_730e3d41
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_pt-pt_4b8b6f0ac805a1c3_msimsg.dll.mui_72e8994f
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18005_none_aee5f21a559e2b7a_usp10.dll_8785b649
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6002.18005_none_45f9f0dde92709b8_polstore.dll_6cd3e56e
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6002.18005_none_45f9f0dde92709b8_ipsecsvc.dll_7136601a
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6002.18005_none_45f9f0dde92709b8_winipsec.dll_abfff1a2
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6002.18005_none_45f9f0dde92709b8_fwremotesvr.dll_afaa5ea8
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-rdbss_31bf3856ad364e35_6.0.6002.18005_none_5bc050d85e8b3ae0_rdbss.sys_f97a2535
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH5176.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD62F.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB6CD.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86C8.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH62A6.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86E8.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD64F.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A85.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4AA4.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A75.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DivB25.tmp\DivXInstaller.exe
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86CA.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD642.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH30C0.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A87.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH515A.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD604.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86DC.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH514B.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD672.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4AA7.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH517B.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86AE.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH513D.tmp
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_bg-bg_13af6ac31f5178e1_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_cs-cz_beb8e15e0cd9550c_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_it-it_8eb9f5e3bdfe9eef_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_ja-jp_30df74f0b119b0ca_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_sl-si_e95d6ad33a8cb21e_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_pl-pl_0157789a61fe1b25_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_pt-pt_048d32aa5ff71ee5_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_es-es_01da899df3faa30f_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_de-de_591e56c104f5a5a5_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_zh-hk_60408fb5dbd0fe0c_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_zh-cn_61959727daf58b7c_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_zh-tw_6591d47dd86667ec_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_ar-sa_6d6f893a2ed1278a_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleacc_31bf3856ad364e35_6.0.6002.18156_none_6c3b296e1fad2902_oleacc.dll_2f3fa5bf
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_ro-ro_48c7f8e2465dea41_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_ru-ru_4b30446e44d8ad11_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_et-ee_fb9a552df8007f9e_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6002.18156_none_7ae05aee84ac8b45_oleaccrc.dll_9ef40826
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_lt-lt_78147da695b2437d_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_lv-lv_78e1ec2a9530846d_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_nb-no_bcdbd2da7bafa39c_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_sv-se_e72b2ee33c01b76c_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_fi-fi_a0f58e4ae9149539_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_fr-fr_a491ff9ce6ccb971_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_da-dk_5bf2c185031f510b_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_sk-sk_ea4b491b39f29f3b_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_ko-kr_d44951a5a38a77e0_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_he-il_e8b1a73ecd3bba5f_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_sr-..-cs_88e6e765b3e51566_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_pt-br_03ab633e6087af09_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_uk-ua_2c185bd121eedfa9_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_th-th_8c3550962d4674ad_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_tr-tr_9038792a2abdb95d_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_el-gr_01b48453f40b0e33_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_nl-nl_bb1b1e187cdbad71_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_hr-hr_eace5a1ecbef2725_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_hu-hu_ec027fe4cb2c888d_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.0.6002.18156_en-us_020f2cb9f3d3b16a_oleaccrc.dll.mui_26339d25
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore.resources_31bf3856ad364e35_7.0.6002.18107_en-us_8e6344c69e111477_dxgkrnl.sys.mui_5e9c2be2
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore_31bf3856ad364e35_7.0.6002.18107_none_9f26906a6b93696c_cdd.dll_01f58cd5
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore_31bf3856ad364e35_7.0.6002.18107_none_9f26906a6b93696c_dxgkrnl.sys_8aad3dfb
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.0.6002.18107_none_9afade8fe3f79d22_d2d1.dll_ef77984b
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86EB.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB637.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH30A4.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH629C.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFCB9.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86CE.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFD07.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB685.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD626.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFC9A.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB6C4.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA91E.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH6220.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFD.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFCC.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB667.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFCD9.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH7082.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB639.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH514F.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA94E.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB648.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH517E.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH62C.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH70C1.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH5150.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH3097.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD638.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFCCA.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH6250.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A7.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA8B3.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH3049.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD667.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH8683.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA97E.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB62B.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD639.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFCAC.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH30B7.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFCF.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH5171.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH7111.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH62EE.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH7085.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA8C4.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA903.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB65B.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD678.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH5123.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86F2.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH5153.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA970.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH8695.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH6244.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH307B.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH70A6.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH70B6.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH30C9.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH86A6.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH306.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH5125.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH70F5.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH8687.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A91.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH30AB.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH62B3.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A53.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB66E.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH6265.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A82.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH5156.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH70E7.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHA88A.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFCD1.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFD0F.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH62E3.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHD67D.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH7154.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH6266.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHB67F.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH305F.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWHFD00.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH868A.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH867A.tmp
Hidden: file C:\Users\Ryan\AppData\Local\Temp\DWH4A84.tmp
Info: Starting disk scan of D: (NTFS).
Info: Starting disk scan of F: (FAT).
Stopped logging on 11/3/2009 at 3:19:25 AM

#8 Purgatorios

Posted 05 November 2009 - 01:56 PM

Here's the OTL custom fix log:

========== OTL ==========
Registry delete failed. HEKY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe scheduled to be deleted on reboot.
Registry delete failed. HEKY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Ryan\fbbv.exe" scheduled to be deleted on reboot.

OTL by OldTimer - Version 3.0.22.1 log created on 11052009_031312

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. :HEKY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe scheduled to be deleted on reboot.
Registry delete failed. :HEKY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Ryan\fbbv.exe" scheduled to be deleted on reboot.



And here's the OTL follow-up scan log:

OTL logfile created on: 11/5/2009 3:22:27 AM - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\Ryan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.67% Memory free
4.00 Gb Paging File | 3.15 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 21.25 Gb Free Space | 21.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.26% Space Free | Partition Type: NTFS
Drive E: | 679.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\OMNIC\ThermoBenchService.exe (Thermo Electron Corporation)
PRC - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe (SanDisk)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Users\Ryan\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Users\Ryan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\STacSV.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\WMIADAP.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DellAMBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache [On_Demand | Stopped]) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (SmcService [Auto | Running]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (SigmaTel, Inc.)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (TMSRVC [Auto | Running]) -- C:\Program Files\OMNIC\ThermoBenchService.exe (Thermo Electron Corporation)
SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (b57nd60x [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (datunidr [Auto | Running]) -- C:\Windows\System32\DRIVERS\datunidr.sys (Gteko Ltd.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091104.009\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091104.009\NAVEX15.SYS (Symantec Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NuidFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\Windows\System32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (Point32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\point32k.sys (Microsoft Corporation)
DRV - (PTproct [On_Demand | Stopped]) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\Windows\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (tatertot [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tatertot.sys ()
DRV - (tatertot.scr [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tatertot.scr.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Ryan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3071214
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=3071214
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 19:52:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/29 00:28:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/18 17:56:19 | 00,000,000 | ---D | M]

[2009/06/13 12:17:56 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Extensions
[2009/06/13 12:17:56 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/25 17:13:49 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions
[2009/08/14 05:56:45 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/15 00:48:29 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/07 17:12:45 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/02 16:13:23 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\mozilla\Firefox\Profiles\oib1us2g.default\extensions\elemhidehelper@adblockplus.org
[2009/10/18 17:39:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/25 22:38:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/08 16:24:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/18 17:39:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/06/13 12:17:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2009/06/13 12:17:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/09/25 22:38:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/25 22:38:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/13 16:16:26 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/10/18 17:38:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/13 16:15:48 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/07/13 16:15:58 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 04:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/09/25 22:38:05 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/02 21:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/29 00:28:48 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/09 21:04:05 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 21:04:05 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 21:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 21:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 21:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 21:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 21:04:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/29 00:28:55 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/09/29 00:28:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/13 16:16:26 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/13 12:17:45 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/13 12:17:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/13 12:17:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/13 12:17:45 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/13 12:17:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/13 12:17:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OTL] C:\Users\Ryan\Desktop\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe) - C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Users\Ryan\fbbv.exe") - C:\Users\Ryan\fbbv.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\AutoRun\command - "" = _cache.tmp/game.exe
O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\eXpLorE\cOMMand - "" = _cache.tmp/game.exe
O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\oPen\CoMMAnd - "" = _cache.tmp/game.exe
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\AutoRun\command - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\ExploRE\CoMmaNd - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\OPeN\commAnd - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\AutoRun\command - "" = tmp.folder/restore.exe
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\ExploRE\CoMmaNd - "" = tmp.folder/restore.exe
O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\OPeN\commAnd - "" = tmp.folder/restore.exe
O33 - MountPoints2\{c3eeff6b-69be-11de-8058-001dd9e71551}\Shell - "" = AutoRun
O33 - MountPoints2\{c3eeff6b-69be-11de-8058-001dd9e71551}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\open\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\Shell\open\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\explore\command - "" = folder.tmp/tmp.exe
O33 - MountPoints2\H\Shell\open\command - "" = folder.tmp/tmp.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/27 22:09:51 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/27 21:45:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/10/12 15:35:45 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/29 10:50:00 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\dvdcss
[2009/10/18 17:57:09 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\OpenOffice.org
[2009/10/27 21:45:47 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Skype
[2009/10/27 21:50:16 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\skypePM
[2009/10/12 15:33:57 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/27 21:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/12 15:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/18 17:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/10/27 22:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/10/18 17:42:04 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/10/19 16:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/10/27 21:45:24 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/11/01 12:14:17 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/10/12 15:33:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 21:22:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/05 03:13:12 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/04 01:57:38 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/04 01:57:37 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/03 13:50:31 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Documents\CHEM 343
[2009/10/31 13:45:22 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/10/31 13:00:56 | 17,017,130 | ---- | C] (Symantec Corporation ) -- C:\Users\Ryan\Desktop\SAV32_1109To1567_clientMSPMSI.exe
[2009/10/30 11:23:10 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2009/10/28 21:14:53 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/10/28 21:14:52 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/10/28 21:14:52 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/10/28 21:13:53 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/10/28 21:13:53 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/10/28 21:13:52 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/28 21:13:52 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/10/28 21:13:50 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/10/28 21:13:50 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/10/28 21:13:50 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/10/28 21:13:50 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/10/28 21:13:50 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/10/28 21:13:50 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/10/28 21:13:50 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/10/28 21:13:50 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/10/28 21:13:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/10/28 21:13:49 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/10/28 21:13:49 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/10/28 21:13:49 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/10/28 21:13:49 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/10/28 21:13:49 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/10/28 21:13:49 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/10/28 21:13:49 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/10/28 21:13:49 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/10/28 21:13:49 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/10/28 21:13:48 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/10/28 21:13:48 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/10/28 21:13:48 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/10/28 21:13:48 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/10/28 21:13:48 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/10/28 21:12:44 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/10/28 21:12:43 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/10/28 21:12:43 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/10/28 21:12:33 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/10/28 21:12:28 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/10/28 21:12:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/10/28 21:12:27 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/10/28 21:12:26 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/10/28 21:12:26 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/10/28 21:12:26 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/10/28 21:12:26 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/10/28 21:12:26 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/10/28 21:12:26 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/10/28 21:12:26 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/10/28 21:12:26 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/10/28 21:12:26 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/10/28 21:09:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/28 21:09:27 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/28 21:09:27 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/28 06:57:46 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 06:57:42 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 06:57:39 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/27 22:10:29 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/26 20:53:14 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\AP Kinetics
[2009/10/20 20:48:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/20 20:48:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/20 20:48:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/18 19:05:15 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\cucdcr
[2009/10/18 17:39:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/18 17:39:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/18 17:39:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/18 17:27:42 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/10/18 17:00:01 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\groupreport
[2009/10/15 10:06:22 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/15 10:06:21 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/15 10:06:21 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/15 10:06:21 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/15 10:06:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/15 10:06:20 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/15 10:06:20 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/15 10:06:20 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/15 10:06:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/15 10:06:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/15 10:06:19 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/15 10:06:19 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/15 10:06:19 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/15 10:06:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/15 10:06:19 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/15 10:06:19 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/15 10:06:19 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/15 10:06:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/15 10:05:33 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/15 10:05:22 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/15 10:05:21 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/15 10:03:43 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/15 10:03:40 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/15 10:03:37 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

========== Files - Modified Within 30 Days ==========

[2009/11/05 03:29:59 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D98DA5A6-DD2C-43C3-B24F-11905611C603}.job
[2009/11/05 03:22:34 | 03,633,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/05 03:22:34 | 01,185,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/05 03:22:33 | 01,234,072 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/05 03:19:07 | 00,088,672 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/05 03:17:11 | 00,088,672 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/05 03:16:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/05 03:16:32 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 03:16:31 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/05 03:16:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/05 03:15:57 | 21,455,83104 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 03:14:25 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/04 07:25:42 | 00,011,264 | ---- | M] () -- C:\Users\Ryan\Desktop\FresnoWalkout.doc
[2009/11/03 17:45:16 | 02,522,792 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2009/11/03 09:25:54 | 00,070,993 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene.docx
[2009/11/03 09:24:14 | 00,014,443 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene Quantitative Calcs.xlsx
[2009/11/02 23:08:24 | 00,093,696 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene.doc
[2009/11/02 15:06:22 | 00,043,008 | ---- | M] () -- C:\Users\Ryan\Desktop\RiboFlavin Photochemistry.xls
[2009/11/02 15:06:22 | 00,000,082 | ---- | M] () -- C:\Users\Ryan\Desktop\._RiboFlavin Photochemistry.xls
[2009/11/02 02:49:22 | 00,001,734 | -H-- | M] () -- C:\Users\Ryan\Documents\Default.rdp
[2009/11/02 02:45:35 | 01,255,795 | ---- | M] () -- C:\Users\Ryan\Desktop\Whelan LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:40:34 | 01,507,169 | ---- | M] () -- C:\Users\Ryan\Desktop\Paragon LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:35:59 | 01,240,923 | ---- | M] () -- C:\Users\Ryan\Desktop\Mastagni LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:31:48 | 01,258,220 | ---- | M] () -- C:\Users\Ryan\Desktop\Harrison LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:26:29 | 01,220,257 | ---- | M] () -- C:\Users\Ryan\Desktop\Haley LanTech Server Monitoring.pdf
[2009/11/01 23:08:11 | 00,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/11/01 23:08:11 | 00,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/11/01 22:05:22 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3041016070-1017456950-1424249797-1001Core1ca5b8276803430.job
[2009/11/01 12:07:12 | 01,339,288 | ---- | M] () -- C:\Users\Ryan\Desktop\sar_15_sfx.exe
[2009/10/31 17:37:12 | 00,008,709 | ---- | M] () -- C:\Users\Ryan\Desktop\LanTech Hours.xlsx
[2009/10/31 16:31:17 | 00,795,746 | ---- | M] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6 (1).pdf
[2009/10/31 13:45:02 | 33,609,2333 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/10/31 13:02:58 | 17,017,130 | ---- | M] (Symantec Corporation ) -- C:\Users\Ryan\Desktop\SAV32_1109To1567_clientMSPMSI.exe
[2009/10/31 12:49:06 | 00,291,328 | ---- | M] () -- C:\Users\Ryan\Desktop\89mz50xm.exe
[2009/10/31 12:47:00 | 00,000,000 | ---- | M] () -- C:\Windows\System32\null
[2009/10/30 11:23:11 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2009/10/30 03:05:22 | 00,000,162 | -H-- | M] () -- C:\Users\Ryan\Desktop\~$8_review_exam_2.doc
[2009/10/30 03:05:06 | 00,084,992 | ---- | M] () -- C:\Users\Ryan\Desktop\328_review_exam_2.doc
[2009/10/29 11:52:13 | 00,050,176 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Outreach Centralized Info.xls
[2009/10/28 21:53:55 | 00,021,504 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 21:22:02 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 21:21:10 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/28 21:01:59 | 00,040,960 | ---- | M] () -- C:\Users\Ryan\Documents\Brain Worksheet.doc
[2009/10/28 21:01:27 | 00,029,452 | ---- | M] () -- C:\Users\Ryan\Documents\Brain Worksheet.docx
[2009/10/27 21:50:17 | 00,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 17:50:05 | 00,053,248 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Contacts (1).doc
[2009/10/26 17:42:30 | 00,072,192 | ---- | M] () -- C:\Users\Ryan\Desktop\SUP ROLES! new.doc
[2009/10/26 15:39:51 | 00,795,746 | ---- | M] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6.pdf
[2009/10/23 15:32:35 | 00,093,515 | ---- | M] () -- C:\Users\Ryan\Desktop\09.docx
[2009/10/23 12:21:59 | 00,056,320 | ---- | M] () -- C:\Users\Ryan\Desktop\March 18th Talking Points.doc
[2009/10/23 12:21:45 | 00,063,488 | ---- | M] () -- C:\Users\Ryan\Desktop\Actual Proposal 318.doc
[2009/10/22 11:19:30 | 00,039,424 | ---- | M] () -- C:\Users\Ryan\Desktop\SFSU General Assembly October 21, 2009.doc
[2009/10/22 00:21:13 | 00,346,924 | ---- | M] () -- C:\Users\Ryan\Desktop\Call of Cthulhu Savegame.zip
[2009/10/21 02:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/21 00:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/20 21:00:52 | 00,398,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/20 19:57:57 | 00,010,104 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS Results Abstract.docx
[2009/10/20 19:39:40 | 00,021,504 | ---- | M] () -- C:\Users\Ryan\Desktop\tables for method.doc
[2009/10/20 19:38:46 | 00,181,384 | ---- | M] () -- C:\Users\Ryan\Desktop\es802544n.pdf
[2009/10/20 07:55:41 | 00,129,024 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.doc
[2009/10/20 07:55:22 | 00,024,677 | ---- | M] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.docx
[2009/10/19 22:00:38 | 00,053,248 | ---- | M] () -- C:\Users\Ryan\Desktop\Foreign Contacts.doc
[2009/10/19 21:52:29 | 02,617,480 | ---- | M] () -- C:\Users\Ryan\Desktop\1-01 The Birds and the Bees - Thinking about Sex and Gender.mp3
[2009/10/19 21:32:23 | 00,062,976 | ---- | M] () -- C:\Users\Ryan\Desktop\Minutes101509.doc
[2009/10/19 17:13:22 | 00,331,264 | ---- | M] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/10/19 17:00:35 | 00,106,424 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/10/19 16:56:32 | 00,041,420 | ---- | M] () -- C:\Users\Ryan\Desktop\dixml.chm
[2009/10/19 16:55:47 | 00,000,914 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2009/10/19 09:10:30 | 01,044,464 | ---- | M] () -- C:\Users\Ryan\Desktop\How to write journal articles F09 iLearn.pptm
[2009/10/19 09:10:24 | 00,049,152 | ---- | M] () -- C:\Users\Ryan\Desktop\CHEM 422 LAB REPORTS.doc
[2009/10/18 19:06:16 | 00,047,104 | ---- | M] () -- C:\Users\Ryan\Desktop\grad_spreadsheet.doc
[2009/10/18 19:04:52 | 00,011,697 | ---- | M] () -- C:\Users\Ryan\Desktop\cucdcr.rar
[2009/10/18 17:38:35 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/18 17:38:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/18 17:38:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/18 17:38:34 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/18 17:33:05 | 00,001,800 | ---- | M] () -- C:\Users\Ryan\Desktop\Monitoring.RDP
[2009/10/18 16:59:18 | 00,049,483 | ---- | M] () -- C:\Users\Ryan\Desktop\groupreport.rar
[2009/10/18 16:26:47 | 12,524,032 | ---- | M] () -- C:\Users\Ryan\Desktop\Persistent Fall whole 10.17.09.doc
[2009/10/17 19:51:11 | 00,002,039 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk
[2009/10/17 18:21:31 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.scr.sys
[2009/10/17 16:40:45 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\tatertot.sys
[2009/10/08 15:12:09 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2009/10/08 13:08:01 | 00,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/08 13:08:01 | 00,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/08 13:07:59 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/07 07:04:49 | 00,019,827 | ---- | M] () -- C:\Users\Ryan\Documents\Sentence Completion Responses.docx

========== Files - No Company Name ==========
[2009/11/04 07:25:42 | 00,011,264 | ---- | C] () -- C:\Users\Ryan\Desktop\FresnoWalkout.doc
[2009/11/03 10:20:38 | 02,522,792 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2009/11/02 23:17:07 | 00,070,993 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene.docx
[2009/11/02 15:54:22 | 00,014,443 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene Quantitative Calcs.xlsx
[2009/11/02 14:57:30 | 00,043,008 | ---- | C] () -- C:\Users\Ryan\Desktop\RiboFlavin Photochemistry.xls
[2009/11/02 14:57:30 | 00,000,082 | ---- | C] () -- C:\Users\Ryan\Desktop\._RiboFlavin Photochemistry.xls
[2009/11/02 02:45:33 | 01,255,795 | ---- | C] () -- C:\Users\Ryan\Desktop\Whelan LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:40:32 | 01,507,169 | ---- | C] () -- C:\Users\Ryan\Desktop\Paragon LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:35:53 | 01,240,923 | ---- | C] () -- C:\Users\Ryan\Desktop\Mastagni LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:31:46 | 01,258,220 | ---- | C] () -- C:\Users\Ryan\Desktop\Harrison LanTech Server Monitoring 09-09.pdf
[2009/11/02 02:26:22 | 01,220,257 | ---- | C] () -- C:\Users\Ryan\Desktop\Haley LanTech Server Monitoring.pdf
[2009/11/01 23:07:09 | 00,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/11/01 23:07:09 | 00,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/11/01 22:05:22 | 00,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3041016070-1017456950-1424249797-1001Core1ca5b8276803430.job
[2009/11/01 12:07:12 | 01,339,288 | ---- | C] () -- C:\Users\Ryan\Desktop\sar_15_sfx.exe
[2009/10/31 16:31:17 | 00,795,746 | ---- | C] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6 (1).pdf
[2009/10/31 15:14:14 | 00,008,709 | ---- | C] () -- C:\Users\Ryan\Desktop\LanTech Hours.xlsx
[2009/10/31 13:51:38 | 21,455,83104 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/31 13:45:02 | 33,609,2333 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/10/31 12:49:05 | 00,291,328 | ---- | C] () -- C:\Users\Ryan\Desktop\89mz50xm.exe
[2009/10/30 12:25:43 | 00,093,696 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 Xylene.doc
[2009/10/30 03:05:22 | 00,000,162 | -H-- | C] () -- C:\Users\Ryan\Desktop\~$8_review_exam_2.doc
[2009/10/30 03:05:05 | 00,084,992 | ---- | C] () -- C:\Users\Ryan\Desktop\328_review_exam_2.doc
[2009/10/29 11:25:56 | 00,050,176 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Outreach Centralized Info.xls
[2009/10/28 21:22:02 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 21:21:10 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/28 21:01:35 | 00,040,960 | ---- | C] () -- C:\Users\Ryan\Documents\Brain Worksheet.doc
[2009/10/28 21:01:26 | 00,029,452 | ---- | C] () -- C:\Users\Ryan\Documents\Brain Worksheet.docx
[2009/10/27 21:50:17 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 17:50:05 | 00,053,248 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Contacts (1).doc
[2009/10/26 17:42:30 | 00,072,192 | ---- | C] () -- C:\Users\Ryan\Desktop\SUP ROLES! new.doc
[2009/10/26 15:39:41 | 00,795,746 | ---- | C] () -- C:\Users\Ryan\Desktop\woms_713_f08_f6.pdf
[2009/10/23 15:32:35 | 00,093,515 | ---- | C] () -- C:\Users\Ryan\Desktop\09.docx
[2009/10/23 12:21:59 | 00,056,320 | ---- | C] () -- C:\Users\Ryan\Desktop\March 18th Talking Points.doc
[2009/10/23 12:21:45 | 00,063,488 | ---- | C] () -- C:\Users\Ryan\Desktop\Actual Proposal 318.doc
[2009/10/22 11:19:30 | 00,039,424 | ---- | C] () -- C:\Users\Ryan\Desktop\SFSU General Assembly October 21, 2009.doc
[2009/10/22 00:21:11 | 00,346,924 | ---- | C] () -- C:\Users\Ryan\Desktop\Call of Cthulhu Savegame.zip
[2009/10/20 19:49:52 | 00,010,104 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS Results Abstract.docx
[2009/10/20 19:39:39 | 00,021,504 | ---- | C] () -- C:\Users\Ryan\Desktop\tables for method.doc
[2009/10/20 19:38:45 | 00,181,384 | ---- | C] () -- C:\Users\Ryan\Desktop\es802544n.pdf
[2009/10/20 07:55:35 | 00,129,024 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.doc
[2009/10/19 22:00:38 | 00,053,248 | ---- | C] () -- C:\Users\Ryan\Desktop\Foreign Contacts.doc
[2009/10/19 21:51:44 | 02,617,480 | ---- | C] () -- C:\Users\Ryan\Desktop\1-01 The Birds and the Bees - Thinking about Sex and Gender.mp3
[2009/10/19 21:32:23 | 00,062,976 | ---- | C] () -- C:\Users\Ryan\Desktop\Minutes101509.doc
[2009/10/19 17:13:22 | 00,331,264 | ---- | C] () -- C:\Users\Ryan\Desktop\dds.scr
[2009/10/19 17:00:35 | 00,106,424 | ---- | C] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/10/19 16:56:32 | 00,041,420 | ---- | C] () -- C:\Users\Ryan\Desktop\dixml.chm
[2009/10/19 16:55:47 | 00,000,914 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2009/10/19 09:20:29 | 00,024,677 | ---- | C] () -- C:\Users\Ryan\Documents\CHEM 422 FAAS.docx
[2009/10/19 09:10:29 | 01,044,464 | ---- | C] () -- C:\Users\Ryan\Desktop\How to write journal articles F09 iLearn.pptm
[2009/10/19 09:10:24 | 00,049,152 | ---- | C] () -- C:\Users\Ryan\Desktop\CHEM 422 LAB REPORTS.doc
[2009/10/18 19:06:14 | 00,047,104 | ---- | C] () -- C:\Users\Ryan\Desktop\grad_spreadsheet.doc
[2009/10/18 19:04:52 | 00,011,697 | ---- | C] () -- C:\Users\Ryan\Desktop\cucdcr.rar
[2009/10/18 16:59:18 | 00,049,483 | ---- | C] () -- C:\Users\Ryan\Desktop\groupreport.rar
[2009/10/18 16:26:18 | 12,524,032 | ---- | C] () -- C:\Users\Ryan\Desktop\Persistent Fall whole 10.17.09.doc
[2009/10/17 16:40:45 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\tatertot.sys
[2009/10/17 16:38:15 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\tatertot.scr.sys
[2009/09/25 21:43:11 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/25 21:43:11 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/23 06:38:12 | 00,000,680 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat
[2009/09/21 15:48:02 | 00,000,024 | ---- | C] () -- C:\Windows\tb60.ini
[2009/09/21 15:48:02 | 00,000,024 | ---- | C] () -- C:\Windows\tb50.ini
[2009/09/21 15:29:53 | 00,000,321 | ---- | C] () -- C:\Windows\winhlp32.ini
[2009/09/21 15:29:53 | 00,000,321 | ---- | C] () -- C:\Windows\winhelp.ini
[2009/09/21 15:24:45 | 00,000,551 | ---- | C] () -- C:\Windows\omnic32.ini
[2009/09/21 15:21:23 | 00,001,278 | ---- | C] () -- C:\Windows\OMUPDATE.INI
[2009/09/20 15:02:37 | 00,000,113 | ---- | C] () -- C:\Windows\photoimpression.ini
[2009/09/20 15:02:37 | 00,000,029 | ---- | C] () -- C:\Windows\videoimp.ini
[2009/09/20 15:01:36 | 00,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/09/17 02:03:40 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 18:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/07 03:32:55 | 00,088,672 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/07 03:32:55 | 00,088,672 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/29 15:17:26 | 00,021,504 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 18:57:50 | 00,037,841 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/05 15:47:50 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/05 09:18:50 | 00,000,150 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/06/20 18:47:18 | 00,048,104 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\nvModes.001
[2009/06/20 18:47:10 | 00,048,104 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\nvModes.dat
[2009/06/08 18:28:58 | 00,102,248 | -H-- | C] () -- C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/13 13:59:06 | 00,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
[2007/12/13 23:09:56 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/13 15:30:00 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 15:25:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 04:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/11/03 10:45:04 | 00,000,488 | ---- | C] () -- C:\Windows\turbo32.ini
[2001/11/14 10:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/02/01 03:00:00 | 00,000,189 | ---- | C] () -- C:\Windows\NicBib.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:62E2D794
< End of report >

#9 myrti


Posted 05 November 2009 - 03:36 PM

Hi,

this wasn't exactly what I expected. Please download the newest version of OTL from here: This is THE Mirror

and run the following script:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe) - C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe File not found
    O20 - HKCU Winlogon: Shell - ("C:\Users\Ryan\fbbv.exe") - C:\Users\Ryan\fbbv.exe File not found
    O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\AutoRun\command - "" = _cache.tmp/game.exe
    O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\eXpLorE\cOMMand - "" = _cache.tmp/game.exe
    O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\oPen\CoMMAnd - "" = _cache.tmp/game.exe
    O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\AutoRun\command - "" = I:\tmp.folder\restore.exe -- File not found
    O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\ExploRE\CoMmaNd - "" = I:\tmp.folder\restore.exe -- File not found
    O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\OPeN\commAnd - "" = I:\tmp.folder\restore.exe -- File not found
    O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\AutoRun\command - "" = tmp.folder/restore.exe
    O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\ExploRE\CoMmaNd - "" = tmp.folder/restore.exe
    O33 - MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\Shell\OPeN\commAnd - "" = tmp.folder/restore.exe
    O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\explore\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\Shell\open\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\Shell\explore\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\Shell\open\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\H\Shell\explore\command - "" = folder.tmp/tmp.exe
    O33 - MountPoints2\H\Shell\open\command - "" = folder.tmp/tmp.exe
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
regards _temp_

Edited by _temp_, 05 November 2009 - 04:01 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
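An added example (not part of the thread and not OTL's own code): a short Python triage of the two entry types the fix script in post #9 targets, the O20 Winlogon Shell values and the O33 MountPoints2 command entries. The line formats are taken from the lines quoted on this page; the function names, note texts and the capitalisation heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input. The first line is a benign entry constructed for this example;
# the others are copied from the fix script quoted in the post above.
SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Users\Ryan\fbbv.exe") - C:\Users\Ryan\fbbv.exe File not found
O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\AutoRun\command - "" = _cache.tmp/game.exe
O33 - MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\Shell\eXpLorE\cOMMand - "" = _cache.tmp/game.exe
O33 - MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\Shell\OPeN\commAnd - "" = I:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\H\Shell\open\command - "" = folder.tmp/tmp.exe
"""

# Note texts (wording chosen for this example).
NOTE_SHELL = "Winlogon starts this program as the user's shell instead of explorer.exe"
NOTE_MOUNT = "autorun command cached in the registry for a mounted volume"
NOTE_VERB = "open/explore verb is redirected, so opening the drive runs the command"
NOTE_CASE = "irregular key-name capitalisation"
NOTE_GONE = "target file not found at scan time"

SHELL_RE = re.compile(r'^O20 - (HKLM|HKCU) Winlogon: Shell - \((.*?)\) - ')
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell\\([^\\]+)\\(command) - "[^"]*" = (.*)$',
    re.IGNORECASE,
)


def odd_case(name):
    """Heuristic: True for names such as 'eXpLorE' or 'cOMMand'."""
    return name not in (name.lower(), name.upper(), name.capitalize(), "AutoRun")


def triage(text):
    """Return one finding per suspicious Shell value and per MountPoints2 volume."""
    findings = []
    mounts = defaultdict(list)  # volume id -> [(verb, 'command' as written, raw value)]

    for line in text.splitlines():
        line = line.strip()
        m = SHELL_RE.match(line)
        if m:
            hive, shell = m.group(1), m.group(2).strip('"')
            # The stock value is the bare string "explorer.exe"; flag anything else.
            if shell.lower() != "explorer.exe":
                findings.append({"kind": "winlogon-shell", "where": hive,
                                 "targets": [shell], "notes": [NOTE_SHELL]})
            continue
        m = MOUNT_RE.match(line)
        if m:
            mount, verb, word, raw = m.groups()
            mounts[mount].append((verb, word, raw))

    for mount, rows in mounts.items():
        notes = [NOTE_MOUNT]
        if any(verb.lower() in ("open", "explore") for verb, _, _ in rows):
            notes.append(NOTE_VERB)
        if any(odd_case(verb) or odd_case(word) for verb, word, _ in rows):
            notes.append(NOTE_CASE)
        if any(raw.rstrip().endswith("File not found") for _, _, raw in rows):
            notes.append(NOTE_GONE)
        # Drop OTL's trailing status text and any quotes around the command.
        targets = sorted({raw.split(" -- ")[0].strip().strip('"') for _, _, raw in rows})
        findings.append({"kind": "autorun-mountpoint", "where": mount,
                         "targets": targets, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["kind"], f["where"], f["targets"])
        for note in f["notes"]:
            print("   -", note)
```
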

 



#10 Purgatorios


Posted 05 November 2009 - 03:46 PM

Downloaded that version and ran the custom script, it didn't ask me for a reboot:

========== OTL ==========
Registry value HEKY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-8439818098-2080355288-076337672-6009\dllrun32.exe deleted successfully.
Registry value HEKY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Ryan\fbbv.exe" deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\ not found.
File _cache.tmp/game.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\ not found.
File _cache.tmp/game.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33c80e46-c8bd-11de-8cc6-001dd9e71551}\ not found.
File _cache.tmp/game.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f9b534c-b285-11de-aee3-001dd9e71551}\ not found.
File I:\tmp.folder\restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f9b534c-b285-11de-aee3-001dd9e71551}\ not found.
File I:\tmp.folder\restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f9b534c-b285-11de-aee3-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f9b534c-b285-11de-aee3-001dd9e71551}\ not found.
File I:\tmp.folder\restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4def8-92cf-11de-83a8-001c23fb81ca}\ not found.
File tmp.folder/restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4def8-92cf-11de-83a8-001c23fb81ca}\ not found.
File tmp.folder/restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4def8-92cf-11de-83a8-001c23fb81ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4def8-92cf-11de-83a8-001c23fb81ca}\ not found.
File tmp.folder/restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e4932b-5551-11de-9071-001dd9e71551}\ not found.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e4932b-5551-11de-9071-001dd9e71551}\ not found.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e4932b-5551-11de-9071-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e4932b-5551-11de-9071-001dd9e71551}\ not found.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e49344-5551-11de-9071-001dd9e71551}\ not found.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e49344-5551-11de-9071-001dd9e71551}\ not found.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e49344-5551-11de-9071-001dd9e71551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e49344-5551-11de-9071-001dd9e71551}\ not found.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File folder.tmp/tmp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File folder.tmp/tmp.exe not found.

OTL by OldTimer - Version 3.1.3.3 log created on 11052009_124554

#11 myrti


Posted 05 November 2009 - 04:05 PM

Hi,

this looks more like it. :(

How is your PC doing?

regards _temp_



#12 Purgatorios


Posted 05 November 2009 - 04:21 PM

Since that last custom fix, the Symantec alerts haven't been popping up! Also CPU activity is down. I think you did it! But I'll keep an eye on it for a couplea days and report back. Thanks!

#13 myrti


Posted 05 November 2009 - 05:19 PM

Heya,

not so fast, you're not getting rid of me that easily. :(

For one I would like to make sure that nothing was missed by running an online scan with Eset:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Also I would like you to update your software:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Please post back with the log from Eset.
regards _temp_



#14 Purgatorios


Posted 26 November 2009 - 01:46 PM

Hey temp, just checking back in to let you know that I haven't forgotten about this and am working on getting it done. Thanks again for the help!



