My Internet Explorer browser is redirecting when I click on a site in the results of the search. Often the tab says redirecting followed by various sites with /search.php at the end. Sometimes it redirects the redirect. I have run multiple programs to try to get rid of it and have had no success. I have run Malwarbyte, Spybot SD, SuperAntispyware and Hijackthis as well as some others and with McAfee as my security. No luck. I am NOT having the problem with my MSN browser, only Internet Explorer.
Spybot dectected Fast Click, Right Media, Win32.pornpopup and Zedo which seemed to reload on restart.
I've included the DDS info. When I tried to run GMER my computer shut down 3 times. I apologize for not getting the whole message on the dark screen. It went faster than I could process the info. It stated that a problem had been detected and windows shut down. I did not get a succesful result from GMER.
I would be most grateful for any help with this. I'm way over my head on this one.
Thank you.
Kungfuparachute
DDS (Ver_10-03-17.01) - NTFSx86
Run by Schmitz at 14:39:15.25 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.704 [GMT -5:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k HPService
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Schmitz\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {06305358-99CE-4C47-B59C-939B76856C2B} - hxxp://download.microsoft.com/download/A/C/4/AC43418A-8C86-4205-803E-249B637EE96B/pmupd806.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5tunsrv.cab#version=6030,2008,904,1947
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/InstallerControl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/26.26/uploader2.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/f5InspectionHost.cab#version=6030,2008,0904,1939
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/vdeskctrl.cab#version=6030,2008,0904,1946
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/urxshost.cab#version=6030,2008,904,1945
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.co.scott.mn.us/vdesk/terminal/urxhost.cab#version=6030,2008,904,1940
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2010-06-08 14:33:52 0 ----a-w- c:\users\schmitz\defogger_reenable
2010-06-08 04:18:20 0 d-----w- c:\users\schmitz\appdata\roaming\Malwarebytes
2010-06-08 04:17:49 0 d-----w- c:\programdata\Malwarebytes
2010-06-08 04:17:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 03:40:14 0 d-----w- c:\program files\MSN Toolbar
2010-06-08 03:37:59 0 d-----w- c:\program files\MSN Toolbar Installer
2010-06-07 17:44:51 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-07 17:44:17 0 d-----w- c:\programdata\Lavasoft
2010-06-07 17:44:17 0 d-----w- c:\program files\Lavasoft
2010-06-07 04:07:06 0 d-----w- c:\users\schmitz\appdata\roaming\SUPERAntiSpyware.com
2010-06-07 04:07:06 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-07 04:06:26 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-07 03:58:36 0 d-----w- c:\users\schmitz\Tracing
2010-06-07 03:53:52 0 d-----w- c:\program files\Microsoft
2010-06-07 03:42:21 0 d-----w- c:\program files\common files\Windows Live
2010-06-07 02:59:13 0 d---a-w- c:\programdata\TEMP
2010-06-06 22:59:50 0 d-----w- c:\program files\Trend Micro
2010-06-06 13:54:49 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-06 13:54:49 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 01:56:30 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2010-06-06 01:56:30 3342336 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-06-06 01:56:30 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2010-06-06 01:56:27 0 d-----w- c:\program files\Microsoft ATS
2010-06-06 01:53:27 244 ---ha-w- C:\sqmnoopt18.sqm
2010-06-06 01:53:27 232 ---ha-w- C:\sqmdata18.sqm
2010-06-05 23:44:24 0 d-----w- c:\windows\system32\eu-ES
2010-06-05 23:44:24 0 d-----w- c:\windows\system32\ca-ES
2010-06-05 23:44:22 0 d-----w- c:\windows\system32\vi-VN
2010-05-26 14:03:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 18:53:10 0 d-----w- c:\users\schmitz\appdata\roaming\E-centives
2010-05-20 23:33:35 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-20 23:33:35 0 d-----w- c:\program files\iTunes
2010-05-20 23:23:33 0 d-----w- c:\program files\Bonjour
2010-05-19 14:12:31 0 d-----w- c:\programdata\Sun
2010-05-12 11:54:34 738816 ----a-w- c:\windows\system32\inetcomm.dll
==================== Find3M ====================
2010-06-09 19:13:42 13119 ----a-w- c:\users\schmitz\appdata\roaming\nvModes.dat
2010-06-05 23:52:50 86016 ----a-w- c:\windows\inf\infpub.dat
2010-06-05 23:52:50 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-05 23:52:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-05 23:44:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-05 23:24:58 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-12 16:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 19:30:43 129344 ----a-w- c:\users\schmitz\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-09-29 18:52:11 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2008-09-27 15:40:06 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-25 01:31:50 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
============= FINISH: 14:43:10.36 ===============