Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Computer in continuous repair wont boot due to virus


  • Please log in to reply
29 replies to this topic

#1 andy0110

andy0110

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 24 August 2011 - 08:17 PM

While surfing my computer started to freeze. It then shut Internet Exploer down. I could still here a radio show even though IE was closed. In 15 seconds, the computer shut down and tried to reboot itself. All it does now is try to repair itself. i tried restaring it in safe mode with networking or just safe mode and it goes back to trying to repair itself.

BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:51 PM

Posted 25 August 2011 - 08:56 AM

Hi, :welcome:

Lets give it a try.

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.bin bs=512 count=1


    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.bin is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, zip the mbr.bin, and except for the mbr.bin zipped file, post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.bin zipped file must be attached to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 25 August 2011 - 09:27 AM

Thank you, I will do as directed.

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:51 PM

Posted 25 August 2011 - 10:04 AM

:thumbup2:

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 25 August 2011 - 06:05 PM

Ok, so I downloaded the boot disk and it looks like it is ok and the other programs to the USB. I put them inot the infected computer and the XPUD entry screen came up with "choose your language", and an autoboot in 8 seconds countdown which then tried to boot the computer. I received the following:

Please consult the X.orgfoundation support @http//wiki.x.org for help

Please also check the log file at "var/log/xorg.o.log" for additional information

DDXSIGGIVEUP:Closing log

[7.0641077 SDS:0:):)(sdf) assuming drive code:write:through giving up

xinit:no such file or directory (errno2):unable to connect to x server
xinit: no such process(errno3):server error
xauth: (argu):1:bad display none "9non):0 in remove command sh: no job control in this shell
sh.4.0#
(==) log file: "var/log/xorg.0.log, time Aug 25 23:06:09 2011
EE no devices attached

Ok so what does all that mean? I think I downloaded and burned the XPUD correctly because on the CD there are the correct files. Is there a solution? More importantly, can I get my files off the hard drive even if I have to pull it and hook it to another clean computer? Any help would be appreciated.

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:51 PM

Posted 25 August 2011 - 07:01 PM

Let me know the specs of your computer, including the Operating System installed. If Vista or Win 7, do you have a CD we can run to reach the Repair Console?

Also, tap on F8 every other second during start-up. Are you able to get into the Advanced Menu where choices such as Safe Mode are available?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 25 August 2011 - 08:36 PM

The machine is a Dell with a I-5 processor, 4mb, 500mb hard drive. 3.2 speed. It has windows seven operating system. I can get into safe mode or safe with networking, but when it trys to open, it just goes into repair mode with a continious loop. I think this is a virus because about one week ago I had a virus and hired a remote repair company to fix it. They removed two viruses. 1) was a "fake Alert virus, and 2) was a root kit virus that had been on the machine they said for about a week. It had replacted itself about six times into other areas of the machine including safe mode. I couldnt even get on the internet in safe mode. Maybe it also installed a back door? Allowing this recent attack? I do not have a CD because I recently moved and have a 5 bedroom house in storage which is to say I have one, it just might be faster to have Dell overnight me a new one. Again, thank you for all your help. God forbid I get to sit on a jury judging a hacker or virus writer someday!!!!!!!!!! That persons defense counsel will not want me to be the forman. LOL.

#8 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 25 August 2011 - 08:41 PM

Do you think the X Org folks have anythng to do with this. I visited the site and it actually exists. It looks like someone is trying to do a operating system that is open source? Why would a virus maker try to reference them? Sorry, just interesting questions from a wanna be nerd.

#9 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 25 August 2011 - 08:43 PM

Also, I really can spell, i just can't type. LOL.

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:51 PM

Posted 25 August 2011 - 09:28 PM

As part of the Advanced Menu, there should also be an Option to "Repair your computer". This option should bring you to the Repair Console with various Recovery Options such as, a Command prompt. If so, please follow these steps:

Assuming your installation is a 64 bit system, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter the Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press the Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 26 August 2011 - 11:10 AM

ok will do in about 5 hours

#12 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 26 August 2011 - 09:04 PM

Ok so i did as you asked and the first two times, the computer just went into its loop. The third time worked and I got the log below. Now what?



Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-08-27 09:31:47
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [286720 2007-12-11] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2008-12-16] (Nikon Corporation)
HKU\Jim Wellman\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Jim Wellman\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-05] (Valve Corporation)
HKU\Jim Wellman\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Jim Wellman\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [639864 2011-08-21] (BitTorrent, Inc.)
HKU\Jim Wellman\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [417112 2011-08-09] (IObit)
HKU\UpdatusUser\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [417112 2011-08-09] (IObit)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-05] (Valve Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 10.1.2.1

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [328536 2011-08-09] (IObit)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-04] (Macrovision Corporation)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 VClone; C:\Windows\System32\DRIVERS\VClone.sys [36352 2011-01-15] (Elaborate Bytes AG)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-08-27 09:31 - 2011-08-27 09:31 - 0000000 ____D C:\FRST
2011-08-24 17:06 - 2011-08-24 17:06 - 1590048 ___AH C:\Users\Jim Wellman\Local Settings\IconCache.db
2011-08-24 17:06 - 2011-08-24 17:06 - 1590048 ___AH C:\Users\Jim Wellman\Local Settings\Application Data\IconCache.db
2011-08-24 17:06 - 2011-08-24 17:06 - 1590048 ___AH C:\Users\Jim Wellman\AppData\Local\IconCache.db
2011-08-24 16:40 - 2011-08-24 22:58 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-24 10:09 - 2011-08-24 10:09 - 9466208 ____A (Malwarebytes Corporation ) C:\Users\Jim Wellman\Downloads\mbam-setup-1.51.1.1800.exe
2011-08-24 10:01 - 2011-08-24 10:01 - 0001205 ____A C:\Users\Public\Desktop\Quick Care.lnk
2011-08-24 10:01 - 2011-08-24 10:01 - 0001205 ____A C:\Users\All Users\Desktop\Quick Care.lnk
2011-08-24 10:01 - 2011-08-24 10:01 - 0001183 ____A C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
2011-08-24 10:01 - 2011-08-24 10:01 - 0001183 ____A C:\Users\All Users\Desktop\Advanced SystemCare 4.lnk
2011-08-24 10:00 - 2011-08-24 10:00 - 30071680 ____A (IObit ) C:\Users\Jim Wellman\Downloads\asc-setup.exe
2011-08-22 22:20 - 2011-08-22 22:20 - 0197632 ____A (Delia Lsd Domed Heirs) C:\Users\Jim Wellman\Desktop\0.6478276640194541.exe
2011-08-21 18:21 - 2011-08-21 18:23 - 0000000 ____D C:\Users\Jim Wellman\Downloads\LIMITLESS_UNRATED_2011_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM
2011-08-21 18:21 - 2011-08-21 18:21 - 0000905 ____A C:\Users\Public\Desktop\Torrent.lnk
2011-08-21 18:21 - 2011-08-21 18:21 - 0000905 ____A C:\Users\All Users\Desktop\Torrent.lnk
2011-08-21 18:21 - 2011-08-21 18:21 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0170876 ____A C:\Users\Jim Wellman\Downloads\LIMITLESS_UNRATED_2011_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.6609149.TPB.torrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\uTorrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\uTorrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\uTorrent
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\Jim Wellman\Application Data\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-08-20 15:01 - 2011-07-06 18:52 - 0025912 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-20 14:50 - 2011-08-20 14:50 - 0110456 ____A C:\Users\Jim Wellman\g2ax_customer_downloadhelper_win32_x86.exe
2011-08-20 14:50 - 2011-08-20 14:50 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Citrix
2011-08-20 14:50 - 2011-08-20 14:50 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\Citrix
2011-08-20 14:50 - 2011-08-20 14:50 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\Citrix
2011-08-20 14:48 - 2011-08-20 14:48 - 0000405 ____A C:\rkill.log
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\PowerDVD DX
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\PowerDVD DX
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\PowerDVD DX
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\All Users\CyberLink
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\All Users\Application Data\CyberLink
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\ProgramData\CyberLink
2011-08-18 20:21 - 2011-08-20 14:09 - 0012908 __ASH C:\Users\Jim Wellman\Local Settings\Application Data\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-18 20:21 - 2011-08-20 14:09 - 0012908 __ASH C:\Users\Jim Wellman\Local Settings\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-18 20:21 - 2011-08-20 14:09 - 0012908 __ASH C:\Users\Jim Wellman\AppData\Local\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-18 20:21 - 2011-08-20 14:09 - 0012908 __ASH C:\Users\All Users\Application Data\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-18 20:21 - 2011-08-20 14:09 - 0012908 __ASH C:\Users\All Users\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-18 20:21 - 2011-08-20 14:09 - 0012908 __ASH C:\ProgramData\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-18 20:06 - 2011-08-18 20:06 - 0000036 ____A C:\Users\Jim Wellman\Local Settings\housecall.guid.cache
2011-08-18 20:06 - 2011-08-18 20:06 - 0000036 ____A C:\Users\Jim Wellman\Local Settings\Application Data\housecall.guid.cache
2011-08-18 20:06 - 2011-08-18 20:06 - 0000036 ____A C:\Users\Jim Wellman\AppData\Local\housecall.guid.cache
2011-08-18 19:45 - 2011-08-18 19:45 - 0000000 ____D C:\Users\Jim Wellman\Desktop\backup
2011-08-18 19:30 - 2011-08-18 19:30 - 0000017 ____A C:\Users\Jim Wellman\Local Settings\resmon.resmoncfg
2011-08-18 19:30 - 2011-08-18 19:30 - 0000017 ____A C:\Users\Jim Wellman\Local Settings\Application Data\resmon.resmoncfg
2011-08-18 19:30 - 2011-08-18 19:30 - 0000017 ____A C:\Users\Jim Wellman\AppData\Local\resmon.resmoncfg
2011-08-18 19:14 - 2011-08-18 19:14 - 0000000 ____D C:\Users\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-18 19:14 - 2011-08-18 19:14 - 0000000 ____D C:\Users\All Users\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-18 19:14 - 2011-08-18 19:14 - 0000000 ____D C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-18 19:12 - 2011-08-18 19:14 - 0000000 ____D C:\Users\All Users\RegWork
2011-08-18 19:12 - 2011-08-18 19:14 - 0000000 ____D C:\Users\All Users\Application Data\RegWork
2011-08-18 19:12 - 2011-08-18 19:14 - 0000000 ____D C:\ProgramData\RegWork
2011-08-18 19:12 - 2011-08-18 19:12 - 0000350 ____A C:\Windows\Tasks\Regwork.job
2011-08-18 19:09 - 2011-08-18 19:09 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\PackageAware
2011-08-18 19:09 - 2011-08-18 19:09 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\PackageAware
2011-08-18 19:09 - 2011-08-18 19:09 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\PackageAware
2011-08-17 20:07 - 2011-08-17 20:07 - 0000000 ____D C:\Program Files (x86)\7-Zip
2011-08-12 09:05 - 2011-08-12 09:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-08-11 08:14 - 2011-07-22 02:34 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-11 08:14 - 2011-07-22 01:38 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-11 08:14 - 2011-07-22 00:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-11 08:14 - 2011-07-21 23:56 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-11 08:14 - 2011-07-16 00:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-08-11 08:14 - 2011-07-16 00:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-08-11 08:14 - 2011-07-16 00:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-08-11 08:14 - 2011-07-16 00:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-08-11 08:14 - 2011-07-16 00:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-08-11 08:14 - 2011-07-16 00:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-08-11 08:14 - 2011-07-16 00:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-08-11 08:14 - 2011-07-16 00:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-08-11 08:14 - 2011-07-16 00:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:14 - 2011-07-16 00:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-08-11 08:14 - 2011-07-15 23:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-08-11 08:14 - 2011-07-15 23:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-08-11 08:14 - 2011-07-15 23:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-08-11 08:14 - 2011-07-15 23:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 23:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 21:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-08-11 08:14 - 2011-07-15 21:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-08-11 08:14 - 2011-07-15 21:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 21:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 21:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 08:14 - 2011-07-15 21:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 08:14 - 2011-07-08 21:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-08-11 08:14 - 2011-06-23 00:29 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-08-11 08:14 - 2011-06-22 23:38 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-11 08:14 - 2011-06-22 23:38 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-11 08:14 - 2011-06-21 01:27 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-08-11 08:14 - 2011-06-21 01:20 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-11 08:14 - 2011-06-21 01:20 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-11 08:14 - 2011-06-21 01:20 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-08-11 08:14 - 2011-06-21 01:20 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-08-11 08:14 - 2011-06-21 01:20 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-11 08:14 - 2011-06-21 01:20 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-11 08:14 - 2011-06-21 01:20 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-08-11 08:14 - 2011-06-21 01:20 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-08-11 08:14 - 2011-06-21 01:19 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-11 08:14 - 2011-06-21 01:19 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-11 08:14 - 2011-06-21 01:19 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-08-11 08:14 - 2011-06-21 01:19 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-08-11 08:14 - 2011-06-21 01:19 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-11 08:14 - 2011-06-21 01:19 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-11 08:14 - 2011-06-21 01:17 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-08-11 08:14 - 2011-06-21 00:36 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-11 08:14 - 2011-06-21 00:36 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-11 08:14 - 2011-06-21 00:36 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-11 08:14 - 2011-06-21 00:35 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-08-11 08:14 - 2011-06-21 00:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-08-11 08:14 - 2011-06-21 00:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-11 08:14 - 2011-06-21 00:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-11 08:14 - 2011-06-21 00:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-08-11 08:14 - 2011-06-21 00:34 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-11 08:14 - 2011-06-21 00:34 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-11 08:14 - 2011-06-21 00:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-08-11 08:14 - 2011-06-21 00:34 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-08-11 08:14 - 2011-06-21 00:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-11 08:14 - 2011-06-21 00:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-11 08:14 - 2011-06-21 00:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-08-11 08:14 - 2011-06-21 00:05 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-08-11 08:14 - 2011-06-20 23:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-08-11 08:14 - 2011-06-16 00:31 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-08-11 08:14 - 2011-06-15 23:35 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-08-11 08:14 - 2011-06-15 04:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-08-11 08:14 - 2011-06-15 04:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-08-11 08:14 - 2011-06-15 04:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-08-11 08:14 - 2011-06-15 04:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-08-11 08:14 - 2011-06-15 04:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-08-11 08:14 - 2011-06-15 04:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-08-11 08:14 - 2011-06-15 04:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-08-11 08:14 - 2011-06-15 04:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-08-11 08:14 - 2011-06-15 04:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-08-05 19:54 - 2011-08-24 16:20 - 0000000 ____D C:\Program Files (x86)\Steam
2011-08-04 17:00 - 2011-08-04 17:00 - 0000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2011-08-04 17:00 - 2011-08-04 17:00 - 0000000 ____D C:\Users\All Users\Documents\DAEMON Tools Images
2011-08-04 16:16 - 2008-10-15 05:22 - 5631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2011-08-04 16:16 - 2008-10-15 05:22 - 4379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2011-08-04 16:16 - 2008-10-15 05:22 - 2605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2011-08-04 16:16 - 2008-10-15 05:22 - 2036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2011-08-04 16:16 - 2008-10-15 05:22 - 0519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2011-08-04 16:16 - 2008-10-15 05:22 - 0452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2011-08-04 15:33 - 2011-08-04 15:33 - 0000000 ____D C:\Users\Jim Wellman\Application Data\AVG10
2011-08-04 15:33 - 2011-08-04 15:33 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\AVG10
2011-08-04 15:31 - 2011-08-08 20:51 - 0000000 ____D C:\Users\All Users\AVG10
2011-08-04 15:31 - 2011-08-08 20:51 - 0000000 ____D C:\Users\All Users\Application Data\AVG10
2011-08-04 15:31 - 2011-08-08 20:51 - 0000000 ____D C:\ProgramData\AVG10
2011-08-04 15:31 - 2011-08-08 20:24 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-08-04 15:30 - 2011-08-08 20:38 - 0000000 ____D C:\Program Files (x86)\AVG
2011-08-04 15:17 - 2011-08-08 20:38 - 0000000 ____D C:\Users\All Users\MFAData
2011-08-04 15:17 - 2011-08-08 20:38 - 0000000 ____D C:\Users\All Users\Application Data\MFAData
2011-08-04 15:17 - 2011-08-08 20:38 - 0000000 ____D C:\ProgramData\MFAData
2011-08-02 20:07 - 2011-08-02 20:07 - 0000000 ____D C:\Program Files (x86)\Elaborate Bytes
2011-08-02 20:06 - 2011-08-02 20:07 - 1587696 ____A C:\Users\Jim Wellman\Downloads\SetupVirtualCloneDrive5450.exe
2011-08-02 19:52 - 2011-08-04 17:07 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2011-08-02 19:52 - 2011-08-04 17:07 - 0000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Lite
2011-08-02 19:52 - 2011-08-04 17:07 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2011-08-02 19:52 - 2011-08-04 17:00 - 0000000 ____D C:\Users\Jim Wellman\Application Data\DAEMON Tools Lite
2011-08-02 19:52 - 2011-08-04 17:00 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\DAEMON Tools Lite
2011-08-01 19:34 - 2011-08-01 19:34 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\My Games
2011-08-01 19:34 - 2011-08-01 19:34 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\My Games
2011-08-01 19:34 - 2011-08-01 19:34 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\My Games
2011-07-31 18:50 - 2011-08-24 22:58 - 0000000 ____D C:\users\UpdatusUser
2011-07-31 18:50 - 2011-07-31 18:50 - 0000020 __ASH C:\Users\UpdatusUser\ntuser.ini
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents\My Videos
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents\My Pictures
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents\My Music
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\Temporary Internet Files
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\History
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\Application Data\Temporary Internet Files
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\Application Data\History
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2011-07-31 18:50 - 2010-02-02 01:43 - 0000000 ____D C:\Users\UpdatusUser\Local Settings\SoftThinks
2011-07-31 18:50 - 2010-02-02 01:43 - 0000000 ____D C:\Users\UpdatusUser\Local Settings\Application Data\SoftThinks
2011-07-31 18:50 - 2010-02-02 01:43 - 0000000 ____D C:\Users\UpdatusUser\AppData\Local\SoftThinks
2011-07-31 18:50 - 2010-02-02 01:35 - 0001928 ____A C:\Users\UpdatusUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2011-07-31 18:50 - 2010-02-02 01:35 - 0001928 ____A C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2011-07-31 18:50 - 2009-07-14 02:44 - 0000000 ____D C:\Users\UpdatusUser\Application Data\Media Center Programs
2011-07-31 18:50 - 2009-07-14 02:44 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2011-07-31 18:49 - 2011-07-31 18:50 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2011-07-31 18:48 - 2011-08-08 20:22 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-07-31 18:48 - 2011-07-31 18:48 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2011-07-31 18:48 - 2011-07-31 18:48 - 0000000 ____D C:\Users\All Users\Application Data\NVIDIA Corporation
2011-07-31 18:48 - 2011-07-31 18:48 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2011-07-31 18:48 - 2011-05-25 02:25 - 7123560 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 6555240 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 5301352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 2943592 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 2804328 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 2335848 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 22286952 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 2212968 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 2082408 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 18583144 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 16456296 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 15223912 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 1496168 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6420150.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 1427048 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco642090.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 1426536 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco642040.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 13206120 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2011-07-31 18:48 - 2011-05-25 02:25 - 13011560 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 0739432 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu64.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 0174184 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2011-07-31 18:48 - 2011-05-25 02:25 - 0067176 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 0057960 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 0029288 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2011-07-31 18:48 - 2011-05-25 02:25 - 0012392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvBridge.kmd
2011-07-31 18:48 - 2011-05-25 02:25 - 0007384 ____A C:\Windows\System32\nvinfo.pb
2011-07-31 18:47 - 2011-07-31 18:47 - 0000000 ____D C:\NVIDIA
2011-07-31 18:42 - 2011-07-06 20:42 - 3148904 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2011-07-31 18:42 - 2011-06-14 19:35 - 0625752 ____A (Creative Technology Ltd.) C:\Windows\System32\MBTHX64.dll
2011-07-31 18:42 - 2010-12-23 18:06 - 0876120 ____A (Creative Technology Ltd.) C:\Windows\System32\MBAPO64.dll
2011-07-31 18:42 - 2010-07-02 18:40 - 0080984 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll
2011-07-31 17:35 - 2010-06-02 03:55 - 0527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2011-07-31 17:35 - 2010-06-02 03:55 - 0518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2011-07-31 17:35 - 2010-06-02 03:55 - 0239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2011-07-31 17:35 - 2010-06-02 03:55 - 0176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2011-07-31 17:35 - 2010-06-02 03:55 - 0077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2011-07-31 17:35 - 2010-06-02 03:55 - 0074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 2526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 2401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 2106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 1998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 1907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 1868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 0511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 0470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 0276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2011-07-31 17:35 - 2010-05-26 10:41 - 0248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2011-07-31 17:35 - 2010-02-04 09:01 - 0022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2011-07-31 17:35 - 2009-09-04 16:44 - 0517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2011-07-31 17:35 - 2009-09-04 16:44 - 0238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2011-07-31 17:35 - 2009-09-04 16:44 - 0176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2011-07-31 17:35 - 2009-09-04 16:44 - 0073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 5554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 5501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 2582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 2475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 1974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 1892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 0285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2011-07-31 17:35 - 2009-09-04 16:29 - 0235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2011-07-31 17:35 - 2009-03-16 13:18 - 0521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2011-07-31 17:35 - 2009-03-16 13:18 - 0517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2011-07-31 17:35 - 2009-03-16 13:18 - 0235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2011-07-31 17:35 - 2009-03-16 13:18 - 0174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2011-07-31 17:35 - 2009-03-16 13:18 - 0024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2011-07-31 17:35 - 2009-03-16 13:18 - 0022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2011-07-31 17:35 - 2009-03-09 14:27 - 5425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2011-07-31 17:35 - 2009-03-09 14:27 - 4178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2011-07-31 17:35 - 2009-03-09 14:27 - 2430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2011-07-31 17:35 - 2009-03-09 14:27 - 1846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2011-07-31 17:35 - 2009-03-09 14:27 - 0520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2011-07-31 17:35 - 2009-03-09 14:27 - 0453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2011-07-31 17:35 - 2008-10-27 09:04 - 0023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2011-07-31 17:35 - 2008-07-31 09:41 - 0238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2011-07-31 17:35 - 2008-07-31 09:41 - 0177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2011-07-31 17:35 - 2008-07-31 09:41 - 0072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2011-07-31 17:35 - 2008-07-31 09:41 - 0068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2011-07-31 17:35 - 2008-07-31 09:40 - 0513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2011-07-31 17:35 - 2008-07-31 09:40 - 0509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2011-07-31 17:35 - 2008-07-10 10:01 - 0467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2011-07-31 17:35 - 2008-07-10 10:00 - 4992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2011-07-31 17:35 - 2008-07-10 10:00 - 3851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2011-07-31 17:35 - 2008-07-10 10:00 - 1942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2011-07-31 17:35 - 2008-07-10 10:00 - 1493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2011-07-31 17:35 - 2008-07-10 10:00 - 0540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2011-07-31 17:35 - 2008-05-30 13:19 - 0511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2011-07-31 17:35 - 2008-05-30 13:19 - 0507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2011-07-31 17:35 - 2008-05-30 13:18 - 0238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2011-07-31 17:35 - 2008-05-30 13:18 - 0177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2011-07-31 17:35 - 2008-05-30 13:17 - 0068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2011-07-31 17:35 - 2008-05-30 13:17 - 0065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2011-07-31 17:35 - 2008-05-30 13:17 - 0025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2011-07-31 17:35 - 2008-05-30 13:16 - 0028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2011-07-31 17:35 - 2008-05-30 13:11 - 4991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2011-07-31 17:35 - 2008-05-30 13:11 - 3850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2011-07-31 17:35 - 2008-05-30 13:11 - 1941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2011-07-31 17:35 - 2008-05-30 13:11 - 1491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2011-07-31 17:35 - 2008-05-30 13:11 - 0540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2011-07-31 17:35 - 2008-05-30 13:11 - 0467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2011-07-31 17:35 - 2008-03-05 15:04 - 0489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2011-07-31 17:35 - 2008-03-05 15:03 - 0479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2011-07-31 17:35 - 2008-03-05 15:03 - 0238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2011-07-31 17:35 - 2008-03-05 15:03 - 0177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2011-07-31 17:35 - 2008-03-05 15:00 - 0028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2011-07-31 17:35 - 2008-03-05 15:00 - 0025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2011-07-31 17:35 - 2008-03-05 14:56 - 4910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2011-07-31 17:35 - 2008-03-05 14:56 - 3786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2011-07-31 17:35 - 2008-03-05 14:56 - 1860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2011-07-31 17:35 - 2008-03-05 14:56 - 1420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2011-07-31 17:35 - 2008-02-05 22:07 - 0529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2011-07-31 17:35 - 2008-02-05 22:07 - 0462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2011-07-31 17:35 - 2007-10-22 02:40 - 0411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2011-07-31 17:35 - 2007-10-22 02:39 - 0267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2011-07-31 17:35 - 2007-10-22 02:37 - 0021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2011-07-31 17:35 - 2007-10-22 02:37 - 0017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2011-07-31 17:35 - 2007-10-12 14:14 - 5081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2011-07-31 17:35 - 2007-10-12 14:14 - 3734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2011-07-31 17:35 - 2007-10-12 14:14 - 2006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2011-07-31 17:35 - 2007-10-12 14:14 - 1374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2011-07-31 17:35 - 2007-10-02 08:56 - 0508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2011-07-31 17:35 - 2007-10-02 08:56 - 0444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2011-07-31 17:35 - 2007-07-19 23:57 - 0411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2011-07-31 17:35 - 2007-07-19 23:57 - 0267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2011-07-31 17:35 - 2007-07-19 17:14 - 5073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2011-07-31 17:35 - 2007-07-19 17:14 - 3727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2011-07-31 17:35 - 2007-07-19 17:14 - 1985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2011-07-31 17:35 - 2007-07-19 17:14 - 1358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2011-07-31 17:35 - 2007-07-19 17:14 - 0508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2011-07-31 17:35 - 2007-07-19 17:14 - 0444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2011-07-31 17:35 - 2007-06-20 19:49 - 0409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2011-07-31 17:35 - 2007-06-20 19:46 - 0266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2011-07-31 17:35 - 2007-05-16 15:45 - 4496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2011-07-31 17:35 - 2007-05-16 15:45 - 3497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2011-07-31 17:35 - 2007-05-16 15:45 - 1401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2011-07-31 17:35 - 2007-05-16 15:45 - 1124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2011-07-31 17:35 - 2007-05-16 15:45 - 0506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2011-07-31 17:35 - 2007-05-16 15:45 - 0443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2011-07-31 17:35 - 2007-04-04 17:55 - 0403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2011-07-31 17:35 - 2007-04-04 17:55 - 0261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2011-07-31 17:35 - 2007-04-04 17:54 - 0107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2011-07-31 17:35 - 2007-04-04 17:53 - 0081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2011-07-31 17:35 - 2007-03-15 15:57 - 0506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2011-07-31 17:35 - 2007-03-15 15:57 - 0443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2011-07-31 17:35 - 2007-03-12 15:42 - 4494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2011-07-31 17:35 - 2007-03-12 15:42 - 3495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2011-07-31 17:35 - 2007-03-12 15:42 - 1400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2011-07-31 17:35 - 2007-03-12 15:42 - 1123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2011-07-31 17:35 - 2007-03-05 11:42 - 0017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2011-07-31 17:35 - 2007-03-05 11:42 - 0015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2011-07-31 17:35 - 2007-01-24 14:27 - 0393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2011-07-31 17:35 - 2007-01-24 14:27 - 0255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2011-07-31 17:35 - 2006-12-08 11:02 - 0251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2011-07-31 17:35 - 2006-12-08 11:00 - 0390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2011-07-31 17:35 - 2006-11-29 12:06 - 0469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2011-07-31 17:35 - 2006-11-29 12:06 - 0440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2011-07-31 17:35 - 2006-09-28 15:05 - 3977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2011-07-31 17:35 - 2006-09-28 15:05 - 2414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2011-07-31 17:35 - 2006-09-28 15:05 - 0237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2011-07-31 17:35 - 2006-09-28 15:04 - 0364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2011-07-31 17:35 - 2006-07-28 08:31 - 0083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2011-07-31 17:35 - 2006-07-28 08:30 - 0363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2011-07-31 17:35 - 2006-07-28 08:30 - 0236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2011-07-31 17:35 - 2006-07-28 08:30 - 0062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2011-07-31 17:35 - 2006-05-31 06:24 - 0230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2011-07-31 17:35 - 2006-05-31 06:22 - 0354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2011-07-31 17:35 - 2006-03-31 11:41 - 3927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2011-07-31 17:35 - 2006-03-31 11:40 - 2388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2011-07-31 17:35 - 2006-03-31 11:40 - 0352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2011-07-31 17:35 - 2006-03-31 11:39 - 0229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2011-07-31 17:35 - 2006-03-31 11:39 - 0083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2011-07-31 17:35 - 2006-03-31 11:39 - 0062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2011-07-31 17:35 - 2006-02-03 07:43 - 3830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2011-07-31 17:35 - 2006-02-03 07:43 - 2332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2011-07-31 17:35 - 2006-02-03 07:42 - 0355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2011-07-31 17:35 - 2006-02-03 07:42 - 0230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2011-07-31 17:35 - 2006-02-03 07:41 - 0016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2011-07-31 17:35 - 2006-02-03 07:41 - 0014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2011-07-31 17:35 - 2005-12-05 17:09 - 3815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2011-07-31 17:35 - 2005-12-05 17:09 - 2323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2011-07-31 17:34 - 2005-07-22 18:59 - 3807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2011-07-31 17:34 - 2005-07-22 18:59 - 2319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2011-07-31 17:34 - 2005-03-18 16:19 - 3823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2011-07-31 17:34 - 2005-03-18 16:19 - 2337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2011-07-31 17:34 - 2005-02-05 18:45 - 3544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2011-07-31 17:34 - 2005-02-05 18:45 - 2222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2011-07-31 17:21 - 2011-07-31 17:35 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-07-31 17:21 - 2011-07-31 17:34 - 0000000 ___HD C:\Windows\msdownld.tmp

============ 3 Months Modified Files and Folders =============

2011-08-27 09:31 - 2011-08-27 09:31 - 0000000 ____D C:\FRST
2011-08-24 22:58 - 2011-08-24 16:40 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-24 22:58 - 2011-07-31 18:50 - 0000000 ____D C:\users\UpdatusUser
2011-08-24 22:58 - 2011-07-22 18:36 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2011-08-24 22:58 - 2011-07-22 18:36 - 0000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2011-08-24 22:58 - 2011-07-22 18:36 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2011-08-24 22:58 - 2011-02-18 18:57 - 0000000 ____D C:\Users\Jim Wellman\Application Data\uTorrent
2011-08-24 22:58 - 2011-02-18 18:57 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\uTorrent
2011-08-24 22:58 - 2010-03-05 14:44 - 0000000 ____D C:\users\Jim Wellman
2011-08-24 22:58 - 2010-02-02 01:19 - 0000000 ____D C:\Users\All Users\NVIDIA
2011-08-24 22:58 - 2010-02-02 01:19 - 0000000 ____D C:\Users\All Users\Application Data\NVIDIA
2011-08-24 22:58 - 2010-02-02 01:19 - 0000000 ____D C:\ProgramData\NVIDIA
2011-08-24 22:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2011-08-24 22:57 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-08-24 22:57 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2011-08-24 17:23 - 2011-06-26 17:11 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{9906c6b6-a040-11e0-bea2-002564eba3a8}.TMContainer00000000000000000002.regtrans-ms
2011-08-24 17:23 - 2011-06-26 17:11 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{9906c6b6-a040-11e0-bea2-002564eba3a8}.TM.blf
2011-08-24 17:08 - 2010-03-14 12:18 - 0000000 ____D C:\Users\Jim Wellman\Tracing
2011-08-24 17:07 - 2010-02-02 03:13 - 2090164224 __ASH C:\hiberfil.sys
2011-08-24 17:06 - 2011-08-24 17:06 - 1590048 ___AH C:\Users\Jim Wellman\Local Settings\IconCache.db
2011-08-24 17:06 - 2011-08-24 17:06 - 1590048 ___AH C:\Users\Jim Wellman\Local Settings\Application Data\IconCache.db
2011-08-24 17:06 - 2011-08-24 17:06 - 1590048 ___AH C:\Users\Jim Wellman\AppData\Local\IconCache.db
2011-08-24 16:25 - 2009-07-14 00:10 - 1121799 ____A C:\Windows\WindowsUpdate.log
2011-08-24 16:24 - 2009-07-14 00:13 - 0747282 ____A C:\Windows\System32\PerfStringBackup.INI
2011-08-24 16:20 - 2011-08-05 19:54 - 0000000 ____D C:\Program Files (x86)\Steam
2011-08-24 10:09 - 2011-08-24 10:09 - 9466208 ____A (Malwarebytes Corporation ) C:\Users\Jim Wellman\Downloads\mbam-setup-1.51.1.1800.exe
2011-08-24 10:01 - 2011-08-24 10:01 - 0001205 ____A C:\Users\Public\Desktop\Quick Care.lnk
2011-08-24 10:01 - 2011-08-24 10:01 - 0001205 ____A C:\Users\All Users\Desktop\Quick Care.lnk
2011-08-24 10:01 - 2011-08-24 10:01 - 0001183 ____A C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
2011-08-24 10:01 - 2011-08-24 10:01 - 0001183 ____A C:\Users\All Users\Desktop\Advanced SystemCare 4.lnk
2011-08-24 10:00 - 2011-08-24 10:00 - 30071680 ____A (IObit ) C:\Users\Jim Wellman\Downloads\asc-setup.exe
2011-08-23 22:49 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-23 22:49 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-23 12:17 - 2011-06-26 19:34 - 0000020 ____H C:\Users\All Users\PKP_DLbx.DAT
2011-08-23 12:17 - 2011-06-26 19:34 - 0000020 ____H C:\Users\All Users\Application Data\PKP_DLbx.DAT
2011-08-23 12:17 - 2011-06-26 19:34 - 0000020 ____H C:\ProgramData\PKP_DLbx.DAT
2011-08-22 22:20 - 2011-08-22 22:20 - 0197632 ____A (Delia Lsd Domed Heirs) C:\Users\Jim Wellman\Desktop\0.6478276640194541.exe
2011-08-21 21:00 - 2010-03-05 15:05 - 0000420 ____A C:\Windows\Tasks\SmartDefrag.job
2011-08-21 18:23 - 2011-08-21 18:21 - 0000000 ____D C:\Users\Jim Wellman\Downloads\LIMITLESS_UNRATED_2011_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM
2011-08-21 18:21 - 2011-08-21 18:21 - 0000905 ____A C:\Users\Public\Desktop\Torrent.lnk
2011-08-21 18:21 - 2011-08-21 18:21 - 0000905 ____A C:\Users\All Users\Desktop\Torrent.lnk
2011-08-21 18:21 - 2011-08-21 18:21 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0170876 ____A C:\Users\Jim Wellman\Downloads\LIMITLESS_UNRATED_2011_1080p_BluRay_QEBS_5_AAC51_PS3_MP4-FASM.6609149.TPB.torrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\uTorrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\uTorrent
2011-08-21 18:20 - 2011-08-21 18:20 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\uTorrent
2011-08-20 15:54 - 2010-02-02 01:23 - 0000000 ____D C:\Program Files (x86)\Citrix
2011-08-20 15:09 - 2010-03-05 15:07 - 0000418 ____A C:\Windows\Tasks\AutoSmartDefrag.job
2011-08-20 15:09 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\Jim Wellman\Application Data\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-08-20 15:01 - 2011-08-20 15:01 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-08-20 14:50 - 2011-08-20 14:50 - 0110456 ____A C:\Users\Jim Wellman\g2ax_customer_downloadhelper_win32_x86.exe
2011-08-20 14:50 - 2011-08-20 14:50 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Citrix
2011-08-20 14:50 - 2011-08-20 14:50 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\Citrix
2011-08-20 14:50 - 2011-08-20 14:50 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\Citrix
2011-08-20 14:48 - 2011-08-20 14:48 - 0000405 ____A C:\rkill.log
2011-08-20 14:09 - 2011-08-18 20:21 - 0012908 __ASH C:\Users\Jim Wellman\Local Settings\Application Data\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-20 14:09 - 2011-08-18 20:21 - 0012908 __ASH C:\Users\Jim Wellman\Local Settings\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-20 14:09 - 2011-08-18 20:21 - 0012908 __ASH C:\Users\Jim Wellman\AppData\Local\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-20 14:09 - 2011-08-18 20:21 - 0012908 __ASH C:\Users\All Users\Application Data\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-20 14:09 - 2011-08-18 20:21 - 0012908 __ASH C:\Users\All Users\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-20 14:09 - 2011-08-18 20:21 - 0012908 __ASH C:\ProgramData\23j10747gywo60hk5q6pg37857d86kdg0busyq5cjl27
2011-08-20 14:07 - 2010-03-05 14:51 - 0007144 ____A C:\Users\Jim Wellman\Application Data\wklnhst.dat
2011-08-20 14:07 - 2010-03-05 14:51 - 0007144 ____A C:\Users\Jim Wellman\AppData\Roaming\wklnhst.dat
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\PowerDVD DX
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\PowerDVD DX
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\PowerDVD DX
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\All Users\CyberLink
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\Users\All Users\Application Data\CyberLink
2011-08-20 13:26 - 2011-08-20 13:26 - 0000000 ____D C:\ProgramData\CyberLink
2011-08-20 13:04 - 2011-02-28 13:32 - 0746438 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-08-20 12:58 - 2010-02-02 01:43 - 0000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2011-08-20 12:58 - 2010-02-02 01:27 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-08-18 20:32 - 2010-03-05 14:44 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\SoftThinks
2011-08-18 20:32 - 2010-03-05 14:44 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\SoftThinks
2011-08-18 20:32 - 2010-03-05 14:44 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\SoftThinks
2011-08-18 20:06 - 2011-08-18 20:06 - 0000036 ____A C:\Users\Jim Wellman\Local Settings\housecall.guid.cache
2011-08-18 20:06 - 2011-08-18 20:06 - 0000036 ____A C:\Users\Jim Wellman\Local Settings\Application Data\housecall.guid.cache
2011-08-18 20:06 - 2011-08-18 20:06 - 0000036 ____A C:\Users\Jim Wellman\AppData\Local\housecall.guid.cache
2011-08-18 19:45 - 2011-08-18 19:45 - 0000000 ____D C:\Users\Jim Wellman\Desktop\backup
2011-08-18 19:30 - 2011-08-18 19:30 - 0000017 ____A C:\Users\Jim Wellman\Local Settings\resmon.resmoncfg
2011-08-18 19:30 - 2011-08-18 19:30 - 0000017 ____A C:\Users\Jim Wellman\Local Settings\Application Data\resmon.resmoncfg
2011-08-18 19:30 - 2011-08-18 19:30 - 0000017 ____A C:\Users\Jim Wellman\AppData\Local\resmon.resmoncfg
2011-08-18 19:14 - 2011-08-18 19:14 - 0000000 ____D C:\Users\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-18 19:14 - 2011-08-18 19:14 - 0000000 ____D C:\Users\All Users\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-18 19:14 - 2011-08-18 19:14 - 0000000 ____D C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-18 19:14 - 2011-08-18 19:12 - 0000000 ____D C:\Users\All Users\RegWork
2011-08-18 19:14 - 2011-08-18 19:12 - 0000000 ____D C:\Users\All Users\Application Data\RegWork
2011-08-18 19:14 - 2011-08-18 19:12 - 0000000 ____D C:\ProgramData\RegWork
2011-08-18 19:12 - 2011-08-18 19:12 - 0000350 ____A C:\Windows\Tasks\Regwork.job
2011-08-18 19:09 - 2011-08-18 19:09 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\PackageAware
2011-08-18 19:09 - 2011-08-18 19:09 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\PackageAware
2011-08-18 19:09 - 2011-08-18 19:09 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\PackageAware
2011-08-17 20:07 - 2011-08-17 20:07 - 0000000 ____D C:\Program Files (x86)\7-Zip
2011-08-16 21:07 - 2011-02-28 13:32 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-08-12 09:06 - 2011-02-28 13:32 - 0001945 ____A C:\Windows\epplauncher.mif
2011-08-12 09:05 - 2011-08-12 09:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-08-12 02:05 - 2010-03-05 15:54 - 54065608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-08-12 02:04 - 2011-03-03 14:06 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-08-12 02:04 - 2011-03-03 14:06 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2011-08-12 02:04 - 2011-03-03 14:06 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-08-08 20:51 - 2011-08-04 15:31 - 0000000 ____D C:\Users\All Users\AVG10
2011-08-08 20:51 - 2011-08-04 15:31 - 0000000 ____D C:\Users\All Users\Application Data\AVG10
2011-08-08 20:51 - 2011-08-04 15:31 - 0000000 ____D C:\ProgramData\AVG10
2011-08-08 20:47 - 2011-07-22 11:48 - 0000000 ____D C:\Users\Jim Wellman\Application Data\Mozilla
2011-08-08 20:47 - 2011-07-22 11:48 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\Mozilla
2011-08-08 20:45 - 2010-03-05 15:05 - 0000000 ____D C:\Program Files (x86)\IObit
2011-08-08 20:45 - 2010-02-02 01:27 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-08-08 20:39 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-08-08 20:38 - 2011-08-04 15:30 - 0000000 ____D C:\Program Files (x86)\AVG
2011-08-08 20:38 - 2011-08-04 15:17 - 0000000 ____D C:\Users\All Users\MFAData
2011-08-08 20:38 - 2011-08-04 15:17 - 0000000 ____D C:\Users\All Users\Application Data\MFAData
2011-08-08 20:38 - 2011-08-04 15:17 - 0000000 ____D C:\ProgramData\MFAData
2011-08-08 20:24 - 2011-08-04 15:31 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-08-08 20:22 - 2011-07-31 18:48 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2011-08-08 20:20 - 2011-02-20 19:12 - 0000000 ____D C:\Program Files (x86)\Bejeweled 3
2011-08-05 18:32 - 2010-03-05 15:05 - 0000000 ____D C:\Users\Jim Wellman\Application Data\IObit
2011-08-05 18:32 - 2010-03-05 15:05 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\IObit
2011-08-04 17:07 - 2011-08-02 19:52 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2011-08-04 17:07 - 2011-08-02 19:52 - 0000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Lite
2011-08-04 17:07 - 2011-08-02 19:52 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2011-08-04 17:00 - 2011-08-04 17:00 - 0000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2011-08-04 17:00 - 2011-08-04 17:00 - 0000000 ____D C:\Users\All Users\Documents\DAEMON Tools Images
2011-08-04 17:00 - 2011-08-02 19:52 - 0000000 ____D C:\Users\Jim Wellman\Application Data\DAEMON Tools Lite
2011-08-04 17:00 - 2011-08-02 19:52 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\DAEMON Tools Lite
2011-08-04 16:27 - 2011-06-26 17:11 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{9906c6b6-a040-11e0-bea2-002564eba3a8}.TMContainer00000000000000000001.regtrans-ms
2011-08-04 15:33 - 2011-08-04 15:33 - 0000000 ____D C:\Users\Jim Wellman\Application Data\AVG10
2011-08-04 15:33 - 2011-08-04 15:33 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\AVG10
2011-08-02 20:07 - 2011-08-02 20:07 - 0000000 ____D C:\Program Files (x86)\Elaborate Bytes
2011-08-02 20:07 - 2011-08-02 20:06 - 1587696 ____A C:\Users\Jim Wellman\Downloads\SetupVirtualCloneDrive5450.exe
2011-08-02 02:00 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-08-01 19:34 - 2011-08-01 19:34 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\My Games
2011-08-01 19:34 - 2011-08-01 19:34 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\My Games
2011-08-01 19:34 - 2011-08-01 19:34 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\My Games
2011-08-01 19:34 - 2011-04-05 17:28 - 0000000 ____D C:\Users\Jim Wellman\My Documents\My Games
2011-08-01 19:34 - 2011-04-05 17:28 - 0000000 ____D C:\Users\Jim Wellman\Documents\My Games
2011-07-31 18:50 - 2011-07-31 18:50 - 0000020 __ASH C:\Users\UpdatusUser\ntuser.ini
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents\My Videos
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents\My Pictures
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents\My Music
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\Temporary Internet Files
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\History
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\Application Data\Temporary Internet Files
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Local Settings\Application Data\History
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2011-07-31 18:50 - 2011-07-31 18:50 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2011-07-31 18:50 - 2011-07-31 18:49 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2011-07-31 18:48 - 2011-07-31 18:48 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2011-07-31 18:48 - 2011-07-31 18:48 - 0000000 ____D C:\Users\All Users\Application Data\NVIDIA Corporation
2011-07-31 18:48 - 2011-07-31 18:48 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2011-07-31 18:47 - 2011-07-31 18:47 - 0000000 ____D C:\NVIDIA
2011-07-31 18:41 - 2010-03-05 14:44 - 0206712 ____A C:\Users\Jim Wellman\Local Settings\GDIPFONTCACHEV1.DAT
2011-07-31 18:41 - 2010-03-05 14:44 - 0206712 ____A C:\Users\Jim Wellman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-07-31 18:41 - 2010-03-05 14:44 - 0206712 ____A C:\Users\Jim Wellman\AppData\Local\GDIPFONTCACHEV1.DAT
2011-07-31 18:41 - 2009-07-13 23:45 - 0637920 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-31 17:35 - 2011-07-31 17:21 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-07-31 17:34 - 2011-07-31 17:21 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-07-29 20:01 - 2011-04-17 20:10 - 0000000 ____D C:\Windows\Minidump
2011-07-26 19:26 - 2011-07-22 18:36 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2011-07-26 19:26 - 2011-07-22 18:36 - 0001866 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
2011-07-26 19:26 - 2011-07-22 18:36 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2011-07-26 19:26 - 2011-07-22 18:36 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2011-07-25 08:48 - 2010-03-05 14:44 - 0000000 ____D C:\Users\Jim Wellman\AppData\LocalLow
2011-07-22 18:37 - 2011-07-22 12:44 - 0069632 ____A C:\Users\Jim Wellman\My Documents\leepa page.wps
2011-07-22 18:37 - 2011-07-22 12:44 - 0069632 ____A C:\Users\Jim Wellman\Documents\leepa page.wps
2011-07-22 18:36 - 2011-07-22 18:36 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-07-22 18:36 - 2010-02-02 01:38 - 0000000 ____D C:\Users\All Users\McAfee
2011-07-22 18:36 - 2010-02-02 01:38 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2011-07-22 18:36 - 2010-02-02 01:38 - 0000000 ____D C:\ProgramData\McAfee
2011-07-22 12:36 - 2010-03-05 15:36 - 0000000 ____D C:\Users\Jim Wellman\My Documents\My Scans
2011-07-22 12:36 - 2010-03-05 15:36 - 0000000 ____D C:\Users\Jim Wellman\Documents\My Scans
2011-07-22 12:04 - 2011-07-22 12:04 - 0069632 ____A C:\Users\Jim Wellman\Downloads\leepa page.wps
2011-07-22 11:48 - 2011-07-22 11:48 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Mozilla
2011-07-22 11:48 - 2011-07-22 11:48 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\Mozilla
2011-07-22 11:48 - 2011-07-22 11:48 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\Mozilla
2011-07-22 11:48 - 2011-07-22 11:48 - 0000000 ____A C:\Windows\nsreg.dat
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\Jim Wellman\Application Data\Applause and Laugher
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\Jim Wellman\Application Data\Animals
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\Jim Wellman\AppData\Roaming\Applause and Laugher
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\Jim Wellman\AppData\Roaming\Animals
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\All Users\Audio
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\All Users\Applications
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\All Users\Application Data\Audio
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\Users\All Users\Application Data\Applications
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\ProgramData\Audio
2011-07-22 09:25 - 2011-07-22 09:25 - 0000268 ___RH C:\ProgramData\Applications
2011-07-22 09:25 - 2011-07-22 09:25 - 0000020 ____H C:\Users\All Users\PKP_DLck.DAT
2011-07-22 09:25 - 2011-07-22 09:25 - 0000020 ____H C:\Users\All Users\Application Data\PKP_DLck.DAT
2011-07-22 09:25 - 2011-07-22 09:25 - 0000020 ____H C:\ProgramData\PKP_DLck.DAT
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Nikon
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\Nikon
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\Nikon
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\Users\All Users\Database
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\Users\All Users\Contents
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\Users\All Users\Application Data\Database
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\Users\All Users\Application Data\Contents
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\ProgramData\Database
2011-07-22 09:25 - 2011-07-22 09:25 - 0000000 ____D C:\ProgramData\Contents
2011-07-22 09:25 - 2010-03-12 11:40 - 0000000 ____D C:\Users\Jim Wellman\Application Data\Nikon
2011-07-22 09:25 - 2010-03-12 11:40 - 0000000 ____D C:\Users\Jim Wellman\AppData\Roaming\Nikon
2011-07-22 09:25 - 2010-03-12 11:04 - 0000000 ____D C:\Users\All Users\Ultima_T15
2011-07-22 09:25 - 2010-03-12 11:04 - 0000000 ____D C:\Users\All Users\EnterNHelp
2011-07-22 09:25 - 2010-03-12 11:04 - 0000000 ____D C:\Users\All Users\Application Data\Ultima_T15
2011-07-22 09:25 - 2010-03-12 11:04 - 0000000 ____D C:\Users\All Users\Application Data\EnterNHelp
2011-07-22 09:25 - 2010-03-12 11:04 - 0000000 ____D C:\ProgramData\Ultima_T15
2011-07-22 09:25 - 2010-03-12 11:04 - 0000000 ____D C:\ProgramData\EnterNHelp
2011-07-22 02:34 - 2011-08-11 08:14 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-22 01:38 - 2011-08-11 08:14 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-07-22 00:35 - 2011-08-11 08:14 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-07-21 23:56 - 2011-08-11 08:14 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-07-16 00:26 - 2011-08-11 08:14 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-16 00:26 - 2011-08-11 08:14 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-16 00:26 - 2011-08-11 08:14 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-16 00:26 - 2011-08-11 08:14 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-16 00:24 - 2011-08-11 08:14 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-16 00:21 - 2011-08-11 08:14 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-16 00:21 - 2011-08-11 08:14 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-16 00:17 - 2011-08-11 08:14 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-16 00:04 - 2011-08-11 08:14 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 00:04 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 23:36 - 2011-08-11 08:14 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-15 23:31 - 2011-08-11 08:14 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-15 23:30 - 2011-08-11 08:14 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-07-15 23:30 - 2011-08-11 08:14 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-15 23:30 - 2011-08-11 08:14 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-15 23:19 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-15 21:26 - 2011-08-11 08:14 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-07-15 21:26 - 2011-08-11 08:14 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-07-15 21:21 - 2011-08-11 08:14 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-15 21:21 - 2011-08-11 08:14 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-15 21:21 - 2011-08-11 08:14 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-15 21:21 - 2011-08-11 08:14 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-08 21:44 - 2011-08-11 08:14 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-07-06 20:42 - 2011-07-31 18:42 - 3148904 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2011-07-06 18:52 - 2011-08-20 15:01 - 0025912 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-06-26 21:07 - 2011-06-26 21:00 - 0016384 ____A C:\Users\Jim Wellman\Downloads\computer instructions-Andy camera to computer-copy-folder in mypictures-email.wps
2011-06-26 19:38 - 2011-06-26 19:38 - 0002147 ____A C:\Users\Public\Desktop\Thumbnail Selector.lnk
2011-06-26 19:38 - 2011-06-26 19:38 - 0002147 ____A C:\Users\All Users\Desktop\Thumbnail Selector.lnk
2011-06-26 19:38 - 2011-06-26 19:38 - 0000268 ___RH C:\Users\Jim Wellman\Application Data\Sounds
2011-06-26 19:38 - 2011-06-26 19:38 - 0000268 ___RH C:\Users\Jim Wellman\AppData\Roaming\Sounds
2011-06-26 19:38 - 2011-06-26 19:38 - 0000268 ___RH C:\Users\All Users\Specifications
2011-06-26 19:38 - 2011-06-26 19:38 - 0000268 ___RH C:\Users\All Users\Application Data\Specifications
2011-06-26 19:38 - 2011-06-26 19:38 - 0000268 ___RH C:\ProgramData\Specifications
2011-06-26 19:38 - 2011-06-26 19:38 - 0000020 ____H C:\Users\All Users\PKP_DLdx.DAT
2011-06-26 19:38 - 2011-06-26 19:38 - 0000020 ____H C:\Users\All Users\Application Data\PKP_DLdx.DAT
2011-06-26 19:38 - 2011-06-26 19:38 - 0000020 ____H C:\ProgramData\PKP_DLdx.DAT
2011-06-26 19:38 - 2011-06-26 19:38 - 0000012 ___RH C:\Users\All Users\StatusSheet
2011-06-26 19:38 - 2011-06-26 19:38 - 0000012 ___RH C:\Users\All Users\Application Data\StatusSheet
2011-06-26 19:38 - 2011-06-26 19:38 - 0000012 ___RH C:\ProgramData\StatusSheet
2011-06-26 19:38 - 2010-03-12 11:06 - 0000000 ____D C:\Program Files (x86)\Nikon
2011-06-26 19:37 - 2011-06-26 19:37 - 0002123 ____A C:\Users\Public\Desktop\WT-4 Setup Utility.lnk
2011-06-26 19:37 - 2011-06-26 19:37 - 0002123 ____A C:\Users\All Users\Desktop\WT-4 Setup Utility.lnk
2011-06-26 19:36 - 2011-06-26 19:36 - 0000268 ___RH C:\Users\Jim Wellman\Application Data\Speech Enhancer
2011-06-26 19:36 - 2011-06-26 19:36 - 0000268 ___RH C:\Users\Jim Wellman\AppData\Roaming\Speech Enhancer
2011-06-26 19:36 - 2011-06-26 19:36 - 0000020 ____H C:\Users\All Users\PKP_DLeq.DAT
2011-06-26 19:36 - 2011-06-26 19:36 - 0000020 ____H C:\Users\All Users\Application Data\PKP_DLeq.DAT
2011-06-26 19:36 - 2011-06-26 19:36 - 0000020 ____H C:\ProgramData\PKP_DLeq.DAT
2011-06-26 19:36 - 2011-06-26 19:36 - 0000012 ___RH C:\Users\All Users\Synth Leads
2011-06-26 19:36 - 2011-06-26 19:36 - 0000012 ___RH C:\Users\All Users\Application Data\Synth Leads
2011-06-26 19:36 - 2011-06-26 19:36 - 0000012 ___RH C:\ProgramData\Synth Leads
2011-06-26 19:36 - 2010-03-12 11:04 - 0000268 ___RH C:\Users\All Users\StartupItems
2011-06-26 19:36 - 2010-03-12 11:04 - 0000268 ___RH C:\Users\All Users\Application Data\StartupItems
2011-06-26 19:36 - 2010-03-12 11:04 - 0000268 ___RH C:\ProgramData\StartupItems
2011-06-26 19:35 - 2011-06-26 19:35 - 0001151 ____A C:\Users\Public\Desktop\Capture NX 2.lnk
2011-06-26 19:35 - 2011-06-26 19:35 - 0001151 ____A C:\Users\All Users\Desktop\Capture NX 2.lnk
2011-06-26 19:17 - 2010-02-02 01:29 - 0106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2011-06-26 17:07 - 2010-03-12 11:04 - 0000020 ____H C:\Users\All Users\PKP_DLdu.DAT
2011-06-26 17:07 - 2010-03-12 11:04 - 0000020 ____H C:\Users\All Users\Application Data\PKP_DLdu.DAT
2011-06-26 17:07 - 2010-03-12 11:04 - 0000020 ____H C:\ProgramData\PKP_DLdu.DAT
2011-06-26 17:05 - 2011-06-22 15:45 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{27f01db5-9d10-11e0-a66f-002564eba3a8}.TMContainer00000000000000000001.regtrans-ms
2011-06-26 17:05 - 2011-06-22 15:45 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{27f01db5-9d10-11e0-a66f-002564eba3a8}.TM.blf
2011-06-25 10:34 - 2011-06-25 09:30 - 0016896 ____A C:\Users\Jim Wellman\Downloads\Smmy and Jasper Kennel notes.wps
2011-06-23 00:29 - 2011-08-11 08:14 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-06-22 23:38 - 2011-08-11 08:14 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-06-22 23:38 - 2011-08-11 08:14 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-06-22 15:56 - 2011-06-22 15:45 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{27f01db5-9d10-11e0-a66f-002564eba3a8}.TMContainer00000000000000000002.regtrans-ms
2011-06-21 01:27 - 2011-08-11 08:14 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-06-21 01:20 - 2011-08-11 08:14 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-06-21 01:20 - 2011-08-11 08:14 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-06-21 01:20 - 2011-08-11 08:14 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-06-21 01:20 - 2011-08-11 08:14 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-06-21 01:20 - 2011-08-11 08:14 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-06-21 01:20 - 2011-08-11 08:14 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-06-21 01:20 - 2011-08-11 08:14 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-06-21 01:20 - 2011-08-11 08:14 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-06-21 01:19 - 2011-08-11 08:14 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-06-21 01:19 - 2011-08-11 08:14 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-06-21 01:19 - 2011-08-11 08:14 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-06-21 01:19 - 2011-08-11 08:14 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-06-21 01:19 - 2011-08-11 08:14 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-06-21 01:19 - 2011-08-11 08:14 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-06-21 01:17 - 2011-08-11 08:14 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-06-21 00:36 - 2011-08-11 08:14 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-06-21 00:36 - 2011-08-11 08:14 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-06-21 00:36 - 2011-08-11 08:14 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-06-21 00:35 - 2011-08-11 08:14 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-06-21 00:35 - 2011-08-11 08:14 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-06-21 00:35 - 2011-08-11 08:14 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-06-21 00:35 - 2011-08-11 08:14 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-06-21 00:35 - 2011-08-11 08:14 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-06-21 00:34 - 2011-08-11 08:14 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-06-21 00:34 - 2011-08-11 08:14 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-06-21 00:34 - 2011-08-11 08:14 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-06-21 00:34 - 2011-08-11 08:14 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-06-21 00:34 - 2011-08-11 08:14 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-06-21 00:34 - 2011-08-11 08:14 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-06-21 00:32 - 2011-08-11 08:14 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-06-21 00:05 - 2011-08-11 08:14 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-06-20 23:26 - 2011-08-11 08:14 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-06-20 17:09 - 2010-03-05 20:35 - 0000000 ____D C:\Users\Jim Wellman\My Documents\TurboTax
2011-06-20 17:09 - 2010-03-05 20:35 - 0000000 ____D C:\Users\Jim Wellman\Documents\TurboTax
2011-06-20 12:54 - 2011-06-20 12:36 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{5f6d9735-9b63-11e0-a2b0-002564eba3a8}.TMContainer00000000000000000002.regtrans-ms
2011-06-20 12:54 - 2011-06-20 12:36 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{5f6d9735-9b63-11e0-a2b0-002564eba3a8}.TMContainer00000000000000000001.regtrans-ms
2011-06-20 12:54 - 2011-06-20 12:36 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{5f6d9735-9b63-11e0-a2b0-002564eba3a8}.TM.blf
2011-06-18 11:11 - 2011-06-07 13:12 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{46174c81-912b-11e0-be0f-002564eba3a8}.TMContainer00000000000000000001.regtrans-ms
2011-06-18 11:11 - 2011-06-07 13:12 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{46174c81-912b-11e0-be0f-002564eba3a8}.TM.blf
2011-06-16 21:10 - 2010-02-02 01:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-16 00:31 - 2011-08-11 08:14 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-06-15 23:35 - 2011-08-11 08:14 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-06-15 04:58 - 2011-08-11 08:14 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-06-15 04:58 - 2011-08-11 08:14 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-06-15 04:58 - 2011-08-11 08:14 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-06-15 04:58 - 2011-08-11 08:14 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-06-15 04:04 - 2011-08-11 08:14 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-06-15 04:04 - 2011-08-11 08:14 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-06-15 04:04 - 2011-08-11 08:14 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-06-15 04:04 - 2011-08-11 08:14 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-06-15 04:04 - 2011-08-11 08:14 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-06-14 19:35 - 2011-07-31 18:42 - 0625752 ____A (Creative Technology Ltd.) C:\Windows\System32\MBTHX64.dll
2011-06-13 10:34 - 2011-06-13 09:21 - 0046592 ____A C:\Users\Jim Wellman\Downloads\C letter.wps
2011-06-10 21:56 - 2011-07-17 13:32 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-08 15:08 - 2010-03-22 19:44 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\ElevatedDiagnostics
2011-06-08 15:08 - 2010-03-22 19:44 - 0000000 ____D C:\Users\Jim Wellman\Local Settings\Application Data\ElevatedDiagnostics
2011-06-08 15:08 - 2010-03-22 19:44 - 0000000 ____D C:\Users\Jim Wellman\AppData\Local\ElevatedDiagnostics
2011-06-07 13:12 - 2011-06-07 13:12 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{46174c81-912b-11e0-be0f-002564eba3a8}.TMContainer00000000000000000002.regtrans-ms
2011-06-05 16:22 - 2011-05-28 21:39 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{619c8d56-899c-11e0-b78f-002564eba3a8}.TMContainer00000000000000000001.regtrans-ms
2011-06-05 16:22 - 2011-05-28 21:39 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{619c8d56-899c-11e0-b78f-002564eba3a8}.TM.blf
2011-05-28 21:57 - 2011-05-28 21:39 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{619c8d56-899c-11e0-b78f-002564eba3a8}.TMContainer00000000000000000002.regtrans-ms

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8119.12 MB
Available physical RAM: 7344.56 MB
Total Pagefile: 8117.27 MB
Available Pagefile: 7335.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:852.21 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.9 GB) NTFS
7 Drive i: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-08-23 03:11

======================= End Of Log ==========================

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:51 PM

Posted 27 August 2011 - 12:12 AM

Download MBRFix from here.

Save and extract its contents to your desktop. Open the folder and move or copy the mbrfix64.exe to the USB drive.

Plug the flashdrive into the infected PC.

Enter the Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type the following and poress Enter:

e:MbrFix64 /drive 0 savembr e:\MBRDUMP.txt

Note: Replace letter e with the drive letter of your flash drive.

Leave a space amond the following arguments:

e:MbrFix64
/drive
0
savembr
e:\MBRDUMP.txt


The drive is Drive zero (Drive 0)


[*]It will create a file, MBRDUMP.txt on the flash drive. Please attach it to your reply.[/list]

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 andy0110

andy0110
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 27 August 2011 - 12:42 PM

3м |ؾ |  Ph`G*N ED.p&hb@ :! 7&7` 3AL }J@IS  t` ǁO>QRfǁ3l` @3J@@ KE.pnLubú>Q 21|TDNpD6#W kxW"<r"7@E] @x7@'8 㢵'8"r"'8 0bl0IWօf0|ЈGhJ8b y1@ T~jI :  )@O-' on table Error loading operating system Missing operating sys em bzP1  ?? 9  @   er

This does not look good. What does this mean? Thanks for your help. U

#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:51 PM

Posted 27 August 2011 - 04:16 PM

You need to attach that report, rather than posting its contents. It is a hex file.

Meanwhile, download the enclosed file.

Save it to the USB drive. Insert the drive in the ailing computer and run FRST64 as you did before.

This time around press the Fix button just once and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post this log in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users