Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirect problem


  • This topic is locked This topic is locked
18 replies to this topic

#1 Schnitzel

Schnitzel

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 01 February 2012 - 07:08 PM

I have a redirect virus or something and need assistance from someone who knows this stuff. I copied a hijackthis log below if that is a help in starting the process. I appreciate all the help I can get. :huh: BTW...I am new to this forum.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:05:24 PM, on 2/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Users\ckeller\AppData\Roaming\52E60\32737.exe
C:\Program Files (x86)\LP\37F5\150.exe
C:\Program Files (x86)\601A3\lvvm.exe
E:\SpywareBlaster\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = First Evangelical Free Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61879
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\ckeller\AppData\Roaming\601A3\lvvm.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [150.exe] C:\Program Files (x86)\LP\37F5\150.exe
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ckeller\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [150.exe] C:\Users\ckeller\AppData\Roaming\Microsoft\37F5\150.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11382 bytes

BC AdBot (Login to Remove)

 


#2 Schnitzel

Schnitzel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 01 February 2012 - 07:12 PM

Note: the first log posted was run in safe mode. here is a log run in normal mode. :wacko:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:11:49 PM, on 2/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Users\ckeller\AppData\Roaming\52E60\32737.exe
C:\Users\ckeller\AppData\Roaming\601A3\lvvm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\ckeller\AppData\Roaming\Microsoft\37F5\150.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
E:\SpywareBlaster\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = First Evangelical Free Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61879
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\ckeller\AppData\Roaming\601A3\lvvm.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [150.exe] C:\Program Files (x86)\LP\37F5\150.exe
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ckeller\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [150.exe] C:\Users\ckeller\AppData\Roaming\Microsoft\37F5\150.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12070 bytes

#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:06 AM

Posted 02 February 2012 - 03:46 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Farbar Service Scanner log file.
3. aswMBR log file.
4. OTL.txt & Extras.txt log files.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:06 AM

Posted 07 February 2012 - 03:53 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:06 AM

Posted 11 February 2012 - 11:48 AM

This topic has been re-opened at the request of the person who originally posted.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 Schnitzel

Schnitzel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 11 February 2012 - 12:00 PM

1. Thanks for your help thus far... I don't have comments or questions yet.

2. Farbar log

Farbar Service Scanner Version: 10-02-2012
Ran by ckeller (administrator) on 11-02-2012 at 10:38:00
Running from "\\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

3. aswMBR log


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 10:42:01
-----------------------------
10:42:01.763 OS Version: Windows x64 6.1.7601 Service Pack 1
10:42:01.763 Number of processors: 4 586 0x403
10:42:01.763 ComputerName: CKELLER-HP UserName: ckeller
10:42:09.266 Initialize success
10:42:53.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
10:42:53.962 Disk 0 Vendor: Seagate_ HP35 Size: 953869MB BusType: 8
10:42:53.977 Disk 0 MBR read successfully
10:42:53.977 Disk 0 MBR scan
10:42:53.977 Disk 0 unknown MBR code
10:42:53.977 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:42:53.993 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940151 MB offset 206848
10:42:54.024 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13421 MB offset 1925636096
10:42:54.040 Service scanning
10:42:56.661 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:42:57.363 Modules scanning
10:42:57.363 Disk 0 trace - called modules:
10:42:57.394 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
10:42:57.409 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aca060]
10:42:57.924 3 CLASSPNP.SYS[fffff8800196d43f] -> nt!IofCallDriver -> \Device\00000056[0xfffffa80076279c0]
10:42:57.924 Scan finished successfully
10:43:26.940 Disk 0 MBR has been saved successfully to "\\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair\MBR.dat"
10:43:26.971 The log file has been saved successfully to "\\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair\aswMBR.txt"


4. OTL


OTL logfile created on: 2/11/2012 10:45:03 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = \\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 81.68% Memory free
15.48 Gb Paging File | 13.93 Gb Available in Paging File | 89.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.12 Gb Total Space | 846.79 Gb Free Space | 92.23% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.61 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: CKELLER-HP | User Name: ckeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 10:43:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair\OTL.exe
PRC - [2012/01/03 07:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/03/30 08:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/12/15 19:41:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/12/15 19:40:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/09/18 03:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/08 18:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 18:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 19:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 09:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/22 07:46:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/09/18 03:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/27 10:08:47 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 00:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/11 09:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 08:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61879

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/26 07:42:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E00B1C-59AE-4BC9-9B68-578BC995C1E8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b66d00e6-a891-11e0-8792-64315032737f}\Shell - "" = AutoRun
O33 - MountPoints2\{b66d00e6-a891-11e0-8792-64315032737f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 08:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/06 08:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/02/05 09:48:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/05 09:48:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/05 09:48:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/05 09:48:31 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/05 09:48:31 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/05 09:48:31 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/05 09:48:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/05 09:48:31 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/05 09:48:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/05 09:48:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/05 09:48:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/05 09:48:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/05 09:48:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/05 09:48:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/05 09:48:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/05 09:48:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/05 09:48:30 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/05 09:48:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/05 09:48:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/05 09:48:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/05 09:48:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/05 09:48:30 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/05 09:48:30 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/05 09:48:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/05 09:48:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/05 09:48:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/05 09:48:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/05 09:48:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/05 09:48:30 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/05 09:48:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/05 09:48:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/05 09:48:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/05 09:48:29 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/05 09:48:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/05 09:48:29 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/05 09:48:29 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/05 09:48:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/05 09:48:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/05 09:48:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/05 09:48:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/05 09:48:29 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/05 09:48:29 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/05 09:48:29 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/05 09:48:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/05 09:48:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/05 09:48:29 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/05 09:48:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/05 09:48:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/05 09:48:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/05 09:48:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/05 09:48:28 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/05 09:48:28 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/05 09:48:28 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/05 09:48:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/05 09:48:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/05 09:48:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/05 09:48:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/05 09:48:28 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/05 09:48:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/05 09:48:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/05 09:48:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/05 09:48:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/05 09:48:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/05 09:48:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/05 09:48:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/05 09:48:27 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/05 09:48:27 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/05 09:48:27 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/05 09:48:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/05 09:48:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/05 09:48:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/05 09:48:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/05 09:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/05 09:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/03 10:17:01 | 000,000,000 | ---D | C] -- C:\Users\ckeller\Desktop\Young faces
[2012/02/01 16:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/02/01 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/02/01 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\601A3
[2012/02/01 09:23:57 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/01 09:23:38 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Google
[2012/02/01 09:23:26 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Deployment
[2012/02/01 09:23:26 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Apps
[2012/01/27 12:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/01/27 10:08:59 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/27 10:08:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/27 10:08:56 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/27 10:06:37 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Sunbelt Software
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/01/27 10:04:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2012/01/26 07:48:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/26 07:48:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/26 07:48:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/23 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\601A3
[2012/01/23 14:40:25 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\52E60
[2012/01/20 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Catalina Marketing Corp
[2012/01/20 10:24:15 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/01/17 08:49:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/17 08:49:04 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/17 08:49:04 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/17 08:49:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/17 08:49:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/17 08:49:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/16 10:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/18 14:44:17 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\GVJPEG32.DLL
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 10:43:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 10:43:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 10:40:32 | 000,733,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/11 10:40:32 | 000,628,954 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/11 10:40:32 | 000,108,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/11 10:36:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/11 10:36:11 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 12:34:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
[2012/02/09 14:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
[2012/02/09 13:10:48 | 000,000,539 | ---- | M] () -- C:\Users\ckeller\AppData\Local\print.ini
[2012/02/09 08:35:00 | 000,002,371 | ---- | M] () -- C:\Users\ckeller\Desktop\Google Chrome.lnk
[2012/02/06 13:59:49 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForckeller.job
[2012/02/06 08:20:47 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/06 08:19:21 | 000,001,135 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/05 09:55:42 | 000,001,439 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/05 09:54:31 | 005,655,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/05 09:48:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/05 09:48:31 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/05 09:48:31 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/05 09:48:31 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/05 09:48:31 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/05 09:48:31 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/05 09:48:31 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/05 09:48:31 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/05 09:48:31 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/05 09:48:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/05 09:48:31 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/05 09:48:30 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/05 09:48:30 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/05 09:48:30 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/05 09:48:30 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/05 09:48:30 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/05 09:48:30 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/05 09:48:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/05 09:48:30 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/05 09:48:30 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/05 09:48:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/05 09:48:30 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/05 09:48:30 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/05 09:48:30 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/05 09:48:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/05 09:48:30 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/05 09:48:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/05 09:48:30 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/05 09:48:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/05 09:48:30 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/05 09:48:30 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/05 09:48:30 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/05 09:48:30 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/05 09:48:29 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/05 09:48:29 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/05 09:48:29 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/05 09:48:29 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/05 09:48:29 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/05 09:48:29 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/05 09:48:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/05 09:48:29 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/05 09:48:29 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/05 09:48:29 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/05 09:48:29 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/05 09:48:29 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/05 09:48:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/05 09:48:29 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/05 09:48:29 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/05 09:48:29 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/05 09:48:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/05 09:48:28 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/05 09:48:28 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/05 09:48:28 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/05 09:48:28 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/05 09:48:28 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/05 09:48:28 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/05 09:48:28 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/05 09:48:28 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/05 09:48:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/05 09:48:28 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/05 09:48:28 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/05 09:48:28 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/05 09:48:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/05 09:48:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/05 09:48:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/05 09:48:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/05 09:48:28 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/05 09:48:27 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/05 09:48:27 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/05 09:48:27 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/05 09:48:27 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/05 09:48:27 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/05 09:48:27 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/05 09:48:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/05 09:23:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/05 09:23:14 | 000,747,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/05 09:23:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCKELLER-HP$.job
[2012/02/05 08:44:44 | 000,070,172 | ---- | M] () -- C:\Users\ckeller\Desktop\Biblical Eldership.jpg
[2012/02/05 08:43:46 | 000,032,621 | ---- | M] () -- C:\Users\ckeller\Desktop\41UE08fml5L.jpg
[2012/02/03 08:42:09 | 000,142,229 | ---- | M] () -- C:\Users\ckeller\Desktop\Template 5395.pdf
[2012/01/30 13:54:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/30 10:09:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/30 10:09:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/27 15:13:11 | 000,013,895 | ---- | M] () -- C:\Users\ckeller\Desktop\1562.jpg
[2012/01/27 12:59:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/27 10:08:56 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/27 10:08:47 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/27 10:06:22 | 000,001,168 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/01/27 10:06:22 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/26 07:42:52 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/01/23 13:25:53 | 000,001,456 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/20 09:53:48 | 002,239,131 | ---- | M] () -- C:\Users\ckeller\Desktop\Elder board Berean.jpg
[2012/01/19 14:34:13 | 001,160,915 | ---- | M] () -- C:\Users\ckeller\Desktop\DSC06402.jpg
[2012/01/18 14:53:17 | 000,185,163 | ---- | M] () -- C:\Users\ckeller\Desktop\Jenny2.jpg
[2012/01/18 14:45:31 | 000,087,643 | ---- | M] () -- C:\Users\ckeller\Desktop\Jenny.jpg
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/06 08:25:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForckeller.job
[2012/02/06 08:20:47 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/05 09:48:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/05 09:48:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/05 09:23:17 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/05 09:23:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/05 08:45:01 | 000,070,172 | ---- | C] () -- C:\Users\ckeller\Desktop\Biblical Eldership.jpg
[2012/02/05 08:43:29 | 000,032,621 | ---- | C] () -- C:\Users\ckeller\Desktop\41UE08fml5L.jpg
[2012/02/03 08:42:08 | 000,142,229 | ---- | C] () -- C:\Users\ckeller\Desktop\Template 5395.pdf
[2012/02/01 09:23:59 | 000,002,371 | ---- | C] () -- C:\Users\ckeller\Desktop\Google Chrome.lnk
[2012/02/01 09:23:38 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
[2012/02/01 09:23:38 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
[2012/01/30 13:53:49 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/01/27 15:13:26 | 000,013,895 | ---- | C] () -- C:\Users\ckeller\Desktop\1562.jpg
[2012/01/27 12:58:30 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/01/27 10:10:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/27 10:10:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/27 10:06:22 | 000,001,168 | ---- | C] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/01/27 10:06:22 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/20 09:53:48 | 002,239,131 | ---- | C] () -- C:\Users\ckeller\Desktop\Elder board Berean.jpg
[2012/01/19 14:34:13 | 001,160,915 | ---- | C] () -- C:\Users\ckeller\Desktop\DSC06402.jpg
[2012/01/18 14:52:01 | 000,185,163 | ---- | C] () -- C:\Users\ckeller\Desktop\Jenny2.jpg
[2012/01/18 14:45:49 | 000,087,643 | ---- | C] () -- C:\Users\ckeller\Desktop\Jenny.jpg
[2011/08/25 07:18:03 | 000,000,132 | ---- | C] () -- C:\Users\ckeller\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/08/18 13:10:39 | 000,001,456 | ---- | C] () -- C:\Users\ckeller\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/02 13:27:12 | 000,185,344 | R--- | C] () -- C:\Windows\FRANKCAL.DLL
[2011/06/02 13:27:05 | 000,306,688 | R--- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2011/06/02 13:27:05 | 000,095,232 | R--- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/05/22 09:05:56 | 000,001,854 | ---- | C] () -- C:\Users\ckeller\AppData\Roaming\GhostObjGAFix.xml
[2011/05/11 07:31:17 | 000,000,539 | ---- | C] () -- C:\Users\ckeller\AppData\Local\print.ini
[2011/05/11 07:29:13 | 000,204,800 | ---- | C] () -- C:\Windows\IdsRdCli.exe
[2011/04/06 10:44:50 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/18 14:44:39 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\SSV5DATE.INI
[2011/03/18 14:44:17 | 000,001,289 | ---- | C] () -- C:\Windows\Formset.ini
[2011/03/18 13:36:45 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2011/02/01 18:05:08 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/01 17:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 12:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/12/15 19:41:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009/12/15 19:40:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


4. Extras log


OTL Extras logfile created on: 2/11/2012 10:45:03 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = \\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 81.68% Memory free
15.48 Gb Paging File | 13.93 Gb Available in Paging File | 89.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.12 Gb Total Space | 846.79 Gb Free Space | 92.23% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.61 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: CKELLER-HP | User Name: ckeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01218E3C-86E4-4D70-A36F-69CD41B78DBC}" = IDS Client
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E65209-31B3-41B1-B4B9-ACF9ACBF2594}" = Shelby SOAP Install
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 30
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E78A7A-0B2E-4AE0-93E8-1D756844E16D}" = Shelby v5 Workstation Setup
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ACS Facility Scheduler_is1" = ACS Facility Scheduler
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"My HP Game Console" = HP Game Console
"PDF Complete" = PDF Complete Special Edition
"Photon" = Professor Franklin
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PROPLUS" = Microsoft Office Professional Plus 2007
"SpywareBlaster_is1" = SpywareBlaster 4.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 7:24:26 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:46:23 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:46:23 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:53:29 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:53:29 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:54:05 PM | Computer Name = ckeller-HP | Source = Application Hang | ID = 1002
Description = The program Ad-Aware90Install.exe version 9.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 944 Start
Time: 01cce13cafb25c8c Termination Time: 16 Application Path: C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe

Report
Id:

Error - 2/1/2012 8:12:50 PM | Computer Name = ckeller-HP | Source = Windows Search Service | ID = 3079
Description =

Error - 2/2/2012 10:30:21 AM | Computer Name = ckeller-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/3/2012 9:55:50 AM | Computer Name = ckeller-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/3/2012 2:53:08 PM | Computer Name = ckeller-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Hewlett-Packard Events ]
Error - 3/27/2011 9:12:40 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031127081232.xml
File not created by asset agent

Error - 5/22/2011 11:05:55 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051122100547.xml
File not created by asset agent

Error - 6/19/2011 12:08:24 PM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061119110816.xml
File not created by asset agent

Error - 7/8/2011 2:10:56 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071108011054.xml
File not created by asset agent

Error - 8/15/2011 9:23:14 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081115082306.xml
File not created by asset agent

[ System Events ]
Error - 10/11/2011 10:24:56 AM | Computer Name = ckeller-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avg9wd service.

Error - 10/12/2011 9:24:27 AM | Computer Name = ckeller-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avg9wd service.

Error - 10/12/2011 1:00:09 PM | Computer Name = ckeller-HP | Source = DCOM | ID = 10016
Description =

Error - 10/12/2011 1:00:09 PM | Computer Name = ckeller-HP | Source = DCOM | ID = 10016
Description =


< End of report >


5. Currently the redirect problem is occurring. Computer is running quickly enough. I am just concerned about the redirect issue.

Thanks!!

Nathan

#7 Schnitzel

Schnitzel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 11 February 2012 - 12:09 PM

Below are scans that I ran verifying they were performed using "run as administrator"

2. FSS log

Farbar Service Scanner Version: 10-02-2012
Ran by ckeller (administrator) on 11-02-2012 at 11:02:48
Running from "\\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

3. aswMBR log


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 11:04:15
-----------------------------
11:04:15.770 OS Version: Windows x64 6.1.7601 Service Pack 1
11:04:15.770 Number of processors: 4 586 0x403
11:04:15.770 ComputerName: CKELLER-HP UserName: ckeller
11:04:17.206 Initialize success
11:04:36.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
11:04:36.863 Disk 0 Vendor: Seagate_ HP35 Size: 953869MB BusType: 8
11:04:36.863 Disk 0 MBR read successfully
11:04:36.863 Disk 0 MBR scan
11:04:36.863 Disk 0 unknown MBR code
11:04:36.863 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:04:36.879 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940151 MB offset 206848
11:04:36.894 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13421 MB offset 1925636096
11:04:36.894 Service scanning
11:04:37.394 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:04:38.002 Modules scanning
11:04:38.002 Disk 0 trace - called modules:
11:04:38.018 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
11:04:38.018 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aca060]
11:04:38.033 3 CLASSPNP.SYS[fffff8800196d43f] -> nt!IofCallDriver -> \Device\00000056[0xfffffa80076279c0]
11:04:38.033 Scan finished successfully
11:04:54.366 Disk 0 MBR has been saved successfully to "\\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair\MBR.dat"
11:04:54.413 The log file has been saved successfully to "\\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair\aswMBR.txt"



4. OTL log


OTL logfile created on: 2/11/2012 11:05:25 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = \\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 79.14% Memory free
15.48 Gb Paging File | 13.68 Gb Available in Paging File | 88.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.12 Gb Total Space | 846.79 Gb Free Space | 92.23% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.61 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: CKELLER-HP | User Name: ckeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 10:43:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair\OTL.exe
PRC - [2012/01/03 07:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/11/28 07:23:06 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/03/30 08:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/12/15 19:41:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/12/15 19:40:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/09/18 03:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/08 18:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 18:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 19:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 09:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/22 07:46:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/09/18 03:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/27 10:08:47 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 00:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/11 09:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 08:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61879

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/26 07:42:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E00B1C-59AE-4BC9-9B68-578BC995C1E8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-146183986-3892266785-3712315220-1000 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b66d00e6-a891-11e0-8792-64315032737f}\Shell - "" = AutoRun
O33 - MountPoints2\{b66d00e6-a891-11e0-8792-64315032737f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 08:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/06 08:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/02/05 09:48:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/05 09:48:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/05 09:48:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/05 09:48:31 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/05 09:48:31 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/05 09:48:31 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/05 09:48:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/05 09:48:31 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/05 09:48:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/05 09:48:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/05 09:48:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/05 09:48:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/05 09:48:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/05 09:48:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/05 09:48:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/05 09:48:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/05 09:48:30 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/05 09:48:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/05 09:48:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/05 09:48:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/05 09:48:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/05 09:48:30 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/05 09:48:30 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/05 09:48:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/05 09:48:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/05 09:48:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/05 09:48:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/05 09:48:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/05 09:48:30 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/05 09:48:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/05 09:48:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/05 09:48:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/05 09:48:29 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/05 09:48:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/05 09:48:29 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/05 09:48:29 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/05 09:48:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/05 09:48:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/05 09:48:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/05 09:48:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/05 09:48:29 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/05 09:48:29 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/05 09:48:29 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/05 09:48:29 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/05 09:48:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/05 09:48:29 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/05 09:48:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/05 09:48:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/05 09:48:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/05 09:48:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/05 09:48:28 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/05 09:48:28 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/05 09:48:28 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/05 09:48:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/05 09:48:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/05 09:48:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/05 09:48:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/05 09:48:28 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/05 09:48:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/05 09:48:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/05 09:48:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/05 09:48:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/05 09:48:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/05 09:48:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/05 09:48:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/05 09:48:27 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/05 09:48:27 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/05 09:48:27 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/05 09:48:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/05 09:48:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/05 09:48:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/05 09:48:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/05 09:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/05 09:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/03 10:17:01 | 000,000,000 | ---D | C] -- C:\Users\ckeller\Desktop\Young faces
[2012/02/01 16:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/02/01 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/02/01 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\601A3
[2012/02/01 09:23:57 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/01 09:23:38 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Google
[2012/02/01 09:23:26 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Deployment
[2012/02/01 09:23:26 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Apps
[2012/01/27 12:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/01/27 10:08:59 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/27 10:08:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/27 10:08:56 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/27 10:06:37 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Sunbelt Software
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/01/27 10:04:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2012/01/26 07:48:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/26 07:48:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/26 07:48:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/23 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\601A3
[2012/01/23 14:40:25 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\52E60
[2012/01/20 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Catalina Marketing Corp
[2012/01/20 10:24:15 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/01/17 08:49:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/17 08:49:04 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/17 08:49:04 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/17 08:49:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/17 08:49:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/17 08:49:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/16 10:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/18 14:44:17 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\GVJPEG32.DLL
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 10:43:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 10:43:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 10:40:32 | 000,733,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/11 10:40:32 | 000,628,954 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/11 10:40:32 | 000,108,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/11 10:36:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/11 10:36:11 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 12:34:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
[2012/02/09 14:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
[2012/02/09 13:10:48 | 000,000,539 | ---- | M] () -- C:\Users\ckeller\AppData\Local\print.ini
[2012/02/09 08:35:00 | 000,002,371 | ---- | M] () -- C:\Users\ckeller\Desktop\Google Chrome.lnk
[2012/02/06 13:59:49 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForckeller.job
[2012/02/06 08:20:47 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/06 08:19:21 | 000,001,135 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/05 09:55:42 | 000,001,439 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/05 09:54:31 | 005,655,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/05 09:48:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/05 09:48:31 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/05 09:48:31 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/05 09:48:31 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/05 09:48:31 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/05 09:48:31 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/05 09:48:31 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/05 09:48:31 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/05 09:48:31 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/05 09:48:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/05 09:48:31 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/05 09:48:30 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/05 09:48:30 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/05 09:48:30 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/05 09:48:30 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/05 09:48:30 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/05 09:48:30 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/05 09:48:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/05 09:48:30 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/05 09:48:30 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/05 09:48:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/05 09:48:30 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/05 09:48:30 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/05 09:48:30 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/05 09:48:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/05 09:48:30 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/05 09:48:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/05 09:48:30 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/05 09:48:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/05 09:48:30 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/05 09:48:30 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/05 09:48:30 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/05 09:48:30 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/05 09:48:29 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/05 09:48:29 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/05 09:48:29 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/05 09:48:29 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/05 09:48:29 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/05 09:48:29 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/05 09:48:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/05 09:48:29 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/05 09:48:29 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/05 09:48:29 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/05 09:48:29 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/05 09:48:29 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/05 09:48:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/05 09:48:29 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/05 09:48:29 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/05 09:48:29 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/05 09:48:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/05 09:48:28 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/05 09:48:28 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/05 09:48:28 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/05 09:48:28 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/05 09:48:28 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/05 09:48:28 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/05 09:48:28 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/05 09:48:28 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/05 09:48:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/05 09:48:28 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/05 09:48:28 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/05 09:48:28 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/05 09:48:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/05 09:48:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/05 09:48:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/05 09:48:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/05 09:48:28 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/05 09:48:27 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/05 09:48:27 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/05 09:48:27 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/05 09:48:27 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/05 09:48:27 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/05 09:48:27 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/05 09:48:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/05 09:23:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/05 09:23:14 | 000,747,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/05 09:23:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCKELLER-HP$.job
[2012/02/05 08:44:44 | 000,070,172 | ---- | M] () -- C:\Users\ckeller\Desktop\Biblical Eldership.jpg
[2012/02/05 08:43:46 | 000,032,621 | ---- | M] () -- C:\Users\ckeller\Desktop\41UE08fml5L.jpg
[2012/02/03 08:42:09 | 000,142,229 | ---- | M] () -- C:\Users\ckeller\Desktop\Template 5395.pdf
[2012/01/30 13:54:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/30 10:09:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/30 10:09:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/27 15:13:11 | 000,013,895 | ---- | M] () -- C:\Users\ckeller\Desktop\1562.jpg
[2012/01/27 12:59:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/27 10:08:56 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/27 10:08:47 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/27 10:06:22 | 000,001,168 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/01/27 10:06:22 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/26 07:42:52 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/01/23 13:25:53 | 000,001,456 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/20 09:53:48 | 002,239,131 | ---- | M] () -- C:\Users\ckeller\Desktop\Elder board Berean.jpg
[2012/01/19 14:34:13 | 001,160,915 | ---- | M] () -- C:\Users\ckeller\Desktop\DSC06402.jpg
[2012/01/18 14:53:17 | 000,185,163 | ---- | M] () -- C:\Users\ckeller\Desktop\Jenny2.jpg
[2012/01/18 14:45:31 | 000,087,643 | ---- | M] () -- C:\Users\ckeller\Desktop\Jenny.jpg
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/06 08:25:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForckeller.job
[2012/02/06 08:20:47 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/05 09:48:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/05 09:48:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/05 09:23:17 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/05 09:23:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/05 08:45:01 | 000,070,172 | ---- | C] () -- C:\Users\ckeller\Desktop\Biblical Eldership.jpg
[2012/02/05 08:43:29 | 000,032,621 | ---- | C] () -- C:\Users\ckeller\Desktop\41UE08fml5L.jpg
[2012/02/03 08:42:08 | 000,142,229 | ---- | C] () -- C:\Users\ckeller\Desktop\Template 5395.pdf
[2012/02/01 09:23:59 | 000,002,371 | ---- | C] () -- C:\Users\ckeller\Desktop\Google Chrome.lnk
[2012/02/01 09:23:38 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
[2012/02/01 09:23:38 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
[2012/01/30 13:53:49 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/01/27 15:13:26 | 000,013,895 | ---- | C] () -- C:\Users\ckeller\Desktop\1562.jpg
[2012/01/27 12:58:30 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/01/27 10:10:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/27 10:10:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/27 10:06:22 | 000,001,168 | ---- | C] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/01/27 10:06:22 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/20 09:53:48 | 002,239,131 | ---- | C] () -- C:\Users\ckeller\Desktop\Elder board Berean.jpg
[2012/01/19 14:34:13 | 001,160,915 | ---- | C] () -- C:\Users\ckeller\Desktop\DSC06402.jpg
[2012/01/18 14:52:01 | 000,185,163 | ---- | C] () -- C:\Users\ckeller\Desktop\Jenny2.jpg
[2012/01/18 14:45:49 | 000,087,643 | ---- | C] () -- C:\Users\ckeller\Desktop\Jenny.jpg
[2011/08/25 07:18:03 | 000,000,132 | ---- | C] () -- C:\Users\ckeller\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/08/18 13:10:39 | 000,001,456 | ---- | C] () -- C:\Users\ckeller\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/02 13:27:12 | 000,185,344 | R--- | C] () -- C:\Windows\FRANKCAL.DLL
[2011/06/02 13:27:05 | 000,306,688 | R--- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2011/06/02 13:27:05 | 000,095,232 | R--- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/05/22 09:05:56 | 000,001,854 | ---- | C] () -- C:\Users\ckeller\AppData\Roaming\GhostObjGAFix.xml
[2011/05/11 07:31:17 | 000,000,539 | ---- | C] () -- C:\Users\ckeller\AppData\Local\print.ini
[2011/05/11 07:29:13 | 000,204,800 | ---- | C] () -- C:\Windows\IdsRdCli.exe
[2011/04/06 10:44:50 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/18 14:44:39 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\SSV5DATE.INI
[2011/03/18 14:44:17 | 000,001,289 | ---- | C] () -- C:\Windows\Formset.ini
[2011/03/18 13:36:45 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2011/02/01 18:05:08 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/01 17:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 12:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/12/15 19:41:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009/12/15 19:40:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


4. Extras log


OTL Extras logfile created on: 2/11/2012 11:05:25 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = \\mybookworld\public\Public\GreenwaltN\Applications\ComputerProtectionRepair
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 79.14% Memory free
15.48 Gb Paging File | 13.68 Gb Available in Paging File | 88.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.12 Gb Total Space | 846.79 Gb Free Space | 92.23% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.61 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: CKELLER-HP | User Name: ckeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01218E3C-86E4-4D70-A36F-69CD41B78DBC}" = IDS Client
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E65209-31B3-41B1-B4B9-ACF9ACBF2594}" = Shelby SOAP Install
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 30
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E78A7A-0B2E-4AE0-93E8-1D756844E16D}" = Shelby v5 Workstation Setup
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ACS Facility Scheduler_is1" = ACS Facility Scheduler
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"My HP Game Console" = HP Game Console
"PDF Complete" = PDF Complete Special Edition
"Photon" = Professor Franklin
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PROPLUS" = Microsoft Office Professional Plus 2007
"SpywareBlaster_is1" = SpywareBlaster 4.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-146183986-3892266785-3712315220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2012 7:24:26 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:46:23 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:46:23 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:53:29 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:53:29 PM | Computer Name = ckeller-HP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/1/2012 7:54:05 PM | Computer Name = ckeller-HP | Source = Application Hang | ID = 1002
Description = The program Ad-Aware90Install.exe version 9.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 944 Start
Time: 01cce13cafb25c8c Termination Time: 16 Application Path: C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}\Ad-Aware90Install.exe

Report
Id:

Error - 2/1/2012 8:12:50 PM | Computer Name = ckeller-HP | Source = Windows Search Service | ID = 3079
Description =

Error - 2/2/2012 10:30:21 AM | Computer Name = ckeller-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/3/2012 9:55:50 AM | Computer Name = ckeller-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/3/2012 2:53:08 PM | Computer Name = ckeller-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Hewlett-Packard Events ]
Error - 3/27/2011 9:12:40 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031127081232.xml
File not created by asset agent

Error - 5/22/2011 11:05:55 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051122100547.xml
File not created by asset agent

Error - 6/19/2011 12:08:24 PM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061119110816.xml
File not created by asset agent

Error - 7/8/2011 2:10:56 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071108011054.xml
File not created by asset agent

Error - 8/15/2011 9:23:14 AM | Computer Name = ckeller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081115082306.xml
File not created by asset agent

[ System Events ]
Error - 10/11/2011 10:24:56 AM | Computer Name = ckeller-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avg9wd service.

Error - 10/12/2011 9:24:27 AM | Computer Name = ckeller-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avg9wd service.

Error - 10/12/2011 1:00:09 PM | Computer Name = ckeller-HP | Source = DCOM | ID = 10016
Description =

Error - 10/12/2011 1:00:09 PM | Computer Name = ckeller-HP | Source = DCOM | ID = 10016
Description =


< End of report >


5.. Thanks again.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:06 AM

Posted 11 February 2012 - 12:33 PM

Hi Nathan!

Thanks for posting those logs, it definitely showed me what I was looking to see, and helped pinpoint where some of the issues are.

Lets run this utility first:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Let me know how that goes, as well as how your computer is behaving after running it.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Schnitzel

Schnitzel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 15 February 2012 - 11:23 PM

For the life of me I can't rid myself of AVG. It doesn't show up in the programs and features folder and the AppRemover tool doesn't see it. When I try to run ComboFix.exe I am warned that AVG is still running a real time scan and that it could be damaging for me to continue. What do you recommend?

Thanks,

Nathan :mellow:

#10 Schnitzel

Schnitzel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 16 February 2012 - 12:53 AM

Okay. After I ran the AppRemover several times if finally found and uninstalled the AVG files. I was able to run the ComboFix tool. Here is the log. Thanks for your help.


ComboFix 12-02-15.01 - ckeller 02/15/2012 23:37:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6233 [GMT -6:00]
Running from: c:\users\ckeller\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\37F5\FE5A.tmp
C:\Thumbs.db
c:\windows\system32\GroupPolicy\Machine\Registry.pol
c:\windows\SysWow64\ChilkatMail_v7_9.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 05:42 . 2012-02-16 05:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-06 19:55 . 2012-02-06 19:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-06 14:19 . 2012-02-06 14:19 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-01 22:41 . 2012-02-06 18:41 -------- d-----w- c:\program files (x86)\601A3
2012-02-01 15:23 . 2012-02-01 15:23 -------- d-----w- c:\users\ckeller\AppData\Local\Google
2012-02-01 15:23 . 2012-02-01 15:23 -------- d-----w- c:\users\ckeller\AppData\Local\Deployment
2012-02-01 15:23 . 2012-02-01 15:23 -------- d-----w- c:\users\ckeller\AppData\Local\Apps
2012-01-27 16:08 . 2012-01-27 16:08 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-27 16:08 . 2012-01-27 16:08 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-27 16:08 . 2012-01-27 16:08 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-27 16:06 . 2012-01-27 16:06 -------- d-----w- c:\users\ckeller\AppData\Local\Sunbelt Software
2012-01-27 16:06 . 2012-01-27 16:08 -------- d-----w- c:\programdata\Lavasoft
2012-01-27 16:06 . 2012-01-27 16:06 -------- d-----w- c:\program files (x86)\Lavasoft
2012-01-27 16:04 . 2012-01-27 16:06 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2012-01-23 20:40 . 2012-02-06 18:11 -------- d-----w- c:\users\ckeller\AppData\Roaming\601A3
2012-01-23 20:40 . 2012-02-06 18:12 -------- d-----w- c:\users\ckeller\AppData\Roaming\52E60
2012-01-20 16:24 . 2012-01-20 16:24 -------- d-----w- c:\users\ckeller\AppData\Roaming\Catalina Marketing Corp
2012-01-20 16:24 . 2012-01-20 16:24 485576 ----a-w- c:\users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-03-18 17:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 08:21 . 2012-01-16 16:03 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D589127A-F747-4B65-B7B1-19E96F7E5708}\mpengine.dll
2011-11-28 13:23 . 2011-06-08 21:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 14:43 . 2011-11-25 14:43 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-14 14:08 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 16:00 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 16:00 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-01-03 1243040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-16 122880]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
- c:\users\ckeller\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 15:23]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
- c:\users\ckeller\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 15:23]
.
2012-02-05 c:\windows\Tasks\HPCeeScheduleForCKELLER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-02-14 c:\windows\Tasks\HPCeeScheduleForckeller.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"combofix"="c:\combofix\CF27453.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:61879
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
.
**************************************************************************
.
Completion time: 2012-02-15 23:46:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 05:46
.
Pre-Run: 909,714,669,568 bytes free
Post-Run: 909,917,908,992 bytes free
.
- - End Of File - - 525832A79EE34714C2396F7ADA7302E9

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:06 AM

Posted 16 February 2012 - 03:35 AM

Hi Nathan!

Sorry to hear you experienced issues with trying to remove AVG. It has been known to be a bit of a pain at times when you try and remove it.

We need to run a script with ComboFix, and then we will run through some other scans. Please be sure to let me know how things are running in your next reply.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
DirLook::
c:\users\ckeller\AppData\Roaming\601A3
c:\users\ckeller\AppData\Roaming\52E60
c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
c:\program files (x86)\601A3
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:61879

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:


Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.60.1.1000) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Schnitzel

Schnitzel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 16 February 2012 - 10:14 AM

Thank you so much for looking at this. The requested logs are below. The computer continues to process stuff fine, I hope to get some level of reassurance that the trojan/virus is removed.

Nathan


ComboFix Log


ComboFix 12-02-15.01 - ckeller 02/16/2012 7:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7928.6328 [GMT -6:00]
Running from: c:\users\ckeller\Desktop\ComboFix.exe
Command switches used :: c:\users\ckeller\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 13:29 . 2012-02-16 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 05:51 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 05:51 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 05:51 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 05:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 05:51 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 05:51 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 05:47 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 05:47 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-06 19:55 . 2012-02-06 19:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-06 14:19 . 2012-02-06 14:19 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-01 22:41 . 2012-02-06 18:41 -------- d-----w- c:\program files (x86)\601A3
2012-02-01 15:23 . 2012-02-01 15:23 -------- d-----w- c:\users\ckeller\AppData\Local\Google
2012-02-01 15:23 . 2012-02-01 15:23 -------- d-----w- c:\users\ckeller\AppData\Local\Deployment
2012-02-01 15:23 . 2012-02-01 15:23 -------- d-----w- c:\users\ckeller\AppData\Local\Apps
2012-01-27 16:08 . 2012-01-27 16:08 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-27 16:08 . 2012-01-27 16:08 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-27 16:08 . 2012-01-27 16:08 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-27 16:06 . 2012-01-27 16:06 -------- d-----w- c:\users\ckeller\AppData\Local\Sunbelt Software
2012-01-27 16:06 . 2012-01-27 16:08 -------- d-----w- c:\programdata\Lavasoft
2012-01-27 16:06 . 2012-01-27 16:06 -------- d-----w- c:\program files (x86)\Lavasoft
2012-01-27 16:04 . 2012-01-27 16:06 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2012-01-23 20:40 . 2012-02-06 18:11 -------- d-----w- c:\users\ckeller\AppData\Roaming\601A3
2012-01-23 20:40 . 2012-02-06 18:12 -------- d-----w- c:\users\ckeller\AppData\Roaming\52E60
2012-01-20 16:24 . 2012-01-20 16:24 -------- d-----w- c:\users\ckeller\AppData\Roaming\Catalina Marketing Corp
2012-01-20 16:24 . 2012-01-20 16:24 485576 ----a-w- c:\users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-03-18 17:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 08:21 . 2012-01-16 16:03 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D589127A-F747-4B65-B7B1-19E96F7E5708}\mpengine.dll
2011-11-28 13:23 . 2011-06-08 21:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 14:43 . 2011-11-25 14:43 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-19 14:58 . 2012-01-11 16:00 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 16:00 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\601A3 ----
.
.
---- Directory of c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} ----
.
2012-02-06 14:19 . 2012-02-06 14:19 21494 ----a-w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\0x0409.ini
2012-02-06 14:19 . 2012-02-06 14:19 47848756 ----a-w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\HP Support Assistant.msi
.
---- Directory of c:\users\ckeller\AppData\Roaming\52E60 ----
.
2012-01-23 20:40 . 2012-02-02 17:29 16802 ----a-w- c:\users\ckeller\AppData\Roaming\52E60\01A3.2E6
.
---- Directory of c:\users\ckeller\AppData\Roaming\601A3 ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_05.43.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-05 15:48 . 2012-02-05 15:48 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-02-16 09:01 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-02-16 09:01 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-02-16 09:01 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-03-18 05:07 . 2012-02-16 13:20 56140 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-16 13:20 37994 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-18 19:28 . 2012-02-16 13:20 15600 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-146183986-3892266785-3712315220-1000_UserData.bin
+ 2012-02-16 09:01 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 96256 c:\windows\system32\mshtmled.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-02-16 09:01 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-02-16 09:01 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 85504 c:\windows\system32\jsproxy.dll
- 2011-03-18 18:13 . 2012-02-13 14:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-18 18:13 . 2012-02-16 13:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-18 18:13 . 2012-02-16 13:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-18 18:13 . 2012-02-13 14:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-13 14:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 13:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-16 05:46 . 2012-02-16 13:13 22620 c:\windows\SoftwareDistribution\EventCache\{4DFC82F7-5E5A-425E-BB34-F39B2B6EE1D4}.bin
+ 2009-07-14 04:46 . 2012-02-16 13:26 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-01-03 13:49 . 2012-01-03 13:49 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-03 13:49 . 2012-01-03 13:49 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-03-18 20:12 . 2012-02-16 09:03 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-02-01 23:32 . 2012-02-16 09:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-02-01 23:32 . 2012-02-05 15:52 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\42d44cc48edbf4d5b19af6d6afc6cd62\System.Windows.Presentation.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\5c5a54c265c044f359659e6eeff29171\System.Web.ApplicationServices.ni.dll
+ 2012-02-16 09:16 . 2012-02-16 09:16 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\5febe9c0db17256605a3c0b906d124a3\System.Windows.Presentation.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\d948214592e9ee62eefecfc06ac37690\System.Web.ApplicationServices.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\361744396ee71dcc435c93226a8a6754\System.ServiceModel.Channels.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\265f654b8eed2ac1e42d225a30433c37\System.Windows.Presentation.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\62889e05923a83fa32400e7f3b28f9c6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\c1577aa4e5874f1debc9a63343e5a0d7\PresentationFontCache.ni.exe
+ 2012-02-16 09:28 . 2012-02-16 09:28 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\697c9c4ec947a0a5e21bc9e4c6471b74\PresentationCFFRasterizer.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\2d80e48139b13bf06e85c0c1db06bc20\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\df5c0dac9e7db175acc8a9755942f87f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8a9356f77bd1d1155202f59119ee57c9\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4e53199f22c13aa3e4bc6f063da0aee7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0f361440d7cbda4bf5b44bfbd4623812\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\f8f0b08845fb76dfcf57e00d86fc13fc\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\8cd347067dbe1ec5a79c9d261d2d75d9\LoadMxf.ni.exe
+ 2012-02-16 09:33 . 2012-02-16 09:33 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\4089bf2cec6e1a1539076c5bd6d95ce7\ehiTVMSMusic.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e61d38c15f7f71e3586c89c68b347e33\WindowsLiveWriter.ni.exe
+ 2012-02-16 09:29 . 2012-02-16 09:29 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\eb335b60eaa1f1d85ef3375b3f28c939\WindowsLive.Writer.Passport.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\df6e2f050af3e7a7676650240ef9d7e5\System.Windows.Presentation.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e66fcffbc602b284e20b6c49f4ac64b6\System.Web.DynamicData.Design.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2463cb2600fc129e38f67974f3553368\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bef92fc6725738f2a261600dab88cd66\PresentationFontCache.ni.exe
+ 2012-02-16 09:26 . 2012-02-16 09:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\dcdbd6714f689d7be2a15fe8ed1bc095\PresentationCFFRasterizer.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\7834abeef71f9188bb9d9253d8f807ab\Microsoft.WSMan.Runtime.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ef668f1802501935d634458ef637f5e7\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a66c7d26f61bb8e12960441a77159102\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\61a8d567fe6450b5b77584b0044a6979\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\52785c0dca46f1e08b5cf9299fba9ae0\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\183073b14873e3b18951879ae4a8b425\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\824d2cc6a8193a2458ce90e579c8b8f5\Microsoft.Vsa.ni.dll
+ 2012-02-16 13:30 . 2012-02-16 13:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-16 05:43 . 2012-02-16 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-16 05:43 . 2012-02-16 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-16 13:30 . 2012-02-16 13:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-16 09:01 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 231936 c:\windows\SysWOW64\url.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-02-16 09:01 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-02-16 09:01 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-03-18 19:24 . 2012-02-16 13:03 276304 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-02-16 09:01 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-02-16 13:23 627066 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-16 13:23 107382 c:\windows\system32\perfc009.dat
+ 2012-02-16 09:01 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 818688 c:\windows\system32\jscript.dll
+ 2012-02-16 09:01 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 248320 c:\windows\system32\ieui.dll
- 2009-07-14 05:01 . 2012-02-16 05:42 884328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-16 13:29 884328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-03 13:49 . 2012-01-03 13:49 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-03-18 20:12 . 2012-02-16 09:03 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-02-16 09:13 . 2012-02-16 09:13 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6bdb6c455153a223a2180c883ea5a06c\WindowsFormsIntegration.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\8df6331b51fe3ae5b9d0cf8c582d3f84\UIAutomationClient.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\6bc2cf9d31ae7e22349af3ddb1306c96\System.Xml.Linq.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\f9e5fcb862d898327924fcac2ff47c4d\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\5f61f0305f22aed705e0680f58fc5d89\System.Transactions.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\6afb4b90a21aae2e499f577b92102b85\System.ServiceProcess.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\bfb5e1c0961fe330c89c043a188cc807\System.ServiceModel.Routing.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\671c48760746239f2dfb0b64a7413624\System.ServiceModel.Channels.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\d8342f4b914e190a9e5c89c7703dd11f\System.Security.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\9426384a1d2d2e815e093a0fe88da585\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\73d3849c909668636452b43f54edb54e\System.Runtime.Remoting.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\21fa922f90a47d10fd11107efff5ea4f\System.Net.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\c07fc2256ec2210bfd7f7abf1639833e\System.Messaging.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\655c314109b3ab211e13b88d0769651b\System.Management.Instrumentation.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\cf1c0c4152c5548179dd3e2870f25cc4\System.IO.Log.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\d8dc2ea040e12c679b5d779370a19e58\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\994e60f26b11755207e9c7ebb9fd688b\System.Dynamic.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\bc62e3c6c42db6e63c18038e9bac5a5c\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\5373b5adf6f12ca3ac8806827259a986\System.Device.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\938f42c2d694b3935ca890fee7d0c8a7\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\cde466cd9b88dc7857c40ac43bf7632c\System.Configuration.Install.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\081bebeff0574ed1969b05eafab5b342\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\e88489a8cc6a68a7ebb4617d1a20e5e7\System.AddIn.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\ba36345815c2011c3f054ebee01a0569\System.Activities.DurableInstancing.ni.dll
+ 2012-02-16 09:08 . 2012-02-16 09:08 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\70edc7fbf7505880ab1652b35f6e9517\SMSvcHost.ni.exe
+ 2012-02-16 09:10 . 2012-02-16 09:10 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\9d160b8d7c69ce50ac1db59a8fa2bcb5\SMDiagnostics.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\dbb2bb145d0bac0d0615f52739ad2702\PresentationFramework.Aero.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\4d9a6f376f83a6ea5b71a678566ee1de\PresentationFramework.Royale.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\3ec560f5f3b643e02b6025363034d624\PresentationFramework.Luna.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1767cdd5d245b5087045d1ad2fbdd8fd\PresentationFramework.Classic.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\3002d0322acd6f6dd016bd8105bedf51\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\385ffb17c4890d76682d1d0c81f39e09\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 09:16 . 2012-02-16 09:16 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bfab3d0d973b05366401b15f6ab8febb\WindowsFormsIntegration.ni.dll
+ 2012-02-16 09:16 . 2012-02-16 09:16 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\f4d55487b0e1eae2de72e1d8e14c4781\UIAutomationClient.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\b16aace2ac6c7e7d6849f3a683776cd1\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\07db951fbbd939fc70b0b91a8fa83185\System.Transactions.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\f9977bade8fa997882aa57b430820765\System.ServiceProcess.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b6b9eeba0eaffb7691e9fd06c4f3dd10\System.ServiceModel.Routing.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\012cb4a4bd973425eac0dbe52cdcc721\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e558d70a5dbc430b5a2904eec156749d\System.Runtime.Remoting.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6ddba0a0ef4a512f8de2b3feacb8bd4a\System.Net.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ae04414918ec66af305d771a18d8b3c\System.Messaging.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\b2990e7dd2ce6c1ec99e4f27f766beb0\System.Management.Instrumentation.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\3ee79197b362398995eba1a67e83d865\System.IO.Log.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\3e177995dd026b939dc8b6769c77e60f\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\746a79ac47809d2658daf85f2b5a2ad9\System.Dynamic.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4946d4a8b1301179885c0621ac7120ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\171d40509eccb741a5a4a0908b41c840\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\eca593b1efb8f28f8204c841d6f875f2\System.Device.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8cec191afd4e0abc87ed7e93f814f1fc\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\36c77d53335088d10774054af4dfc034\System.Configuration.Install.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a58dbf4346bc2bd65df689cb6b25326c\System.ComponentModel.Composition.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\3924f7fd82f46e76f3b89b9828c3587c\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\b323b1cd4f7e891c9b2def688895cd37\System.AddIn.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\89c1fb7b7684036e32dafff798d1a744\System.Activities.DurableInstancing.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\2dca989632203f2bc603d76492aff1f3\SMSvcHost.ni.exe
+ 2012-02-16 09:14 . 2012-02-16 09:14 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3ed5c98553688c7bd5fa0459ddc629bf\SMDiagnostics.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\870a3f81e3fa889dfd5f63ea813d1bb5\PresentationFramework.Royale.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5bf1ff80129ae0bca17f47ccf3dbc0c4\PresentationFramework.Classic.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\590ab08a24d15cb6891608c80fdebb1a\PresentationFramework.Luna.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\3af662b73b0b3390467aa31f415992c7\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4a9409b232987a471b8437cd0a35a3ea\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\600f8ca5fcc54f10623903952fcc10ac\WsatConfig.ni.exe
+ 2012-02-16 09:36 . 2012-02-16 09:36 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\ddb96c334583dc79463edcb14ae16c99\WindowsFormsIntegration.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\152b577b846875cb3ac5e2097451daf0\UIAutomationClient.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\fb5fce5cf09733b71a796d1da399f07a\TaskScheduler.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\bc3bbe78635aeacaeea3b310ea5ff002\System.Xml.Linq.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\894b696a87ad47b5e18ac89954813a94\System.Web.Routing.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\ed681c0aefa909f528d50d0d7f87b799\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\a6885ee42ea49eb80f1bd18a5252684d\System.Web.Entity.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\88ffeea88ac9ce23de0c5a27a95e773a\System.Web.Entity.Design.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7a311c3305dbbd5cfa2613997608a4ae\System.Web.DynamicData.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\e5069f3c90b4413dd2f3dc226c80bc68\System.Web.Abstractions.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\caa6d0e3ec056ab964616da777c2fcb1\System.Transactions.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\872d9ab7e9259b407668c38b6112499e\System.ServiceProcess.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\ffc67ee81b75ac04dfc1fee6a7fef8c5\System.Security.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\bc8c5bdae37a113b2274279ceb94d6d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\e238ca4ca02f9309283c98e1a4235bbd\System.Net.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\9880905a6fde778e564adf54b2afbaa5\System.Messaging.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\c340633057ed6b9ffcf2214cb348a1fa\System.Management.Instrumentation.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 569856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\c24a84d54ad05618cf6cab545c31b06b\System.IO.Log.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\2ba95581264a766410a6dbbe767c5ed8\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\f1fd4593259aaf5fd2b2e9a7aed2d8cb\System.Drawing.Design.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\3c2c8f083f34a3c75e0aa17ef9ac4127\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 629760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\be6635364f1af379afff83dd877a4e03\System.Data.Services.Design.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\027959159200e828ccfddaef5f01b3a9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\e71e38d2ca2cd291467d890336f45931\System.Configuration.Install.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\8c954be3f8d070b1364844741ff4b4b1\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\bd9159951d0caa9bf5c90c44fc96661b\System.AddIn.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\8bfc7a328911ae69686576bd24f4f771\SMSvcHost.ni.exe
+ 2012-02-16 09:32 . 2012-02-16 09:32 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\823bd996cb5aefd6c2b2fa7e19e0ef40\SMDiagnostics.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\cc864feeea3e918e3d9790b301bb2004\PresentationFramework.Royale.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\ab440c134c4d619f82ba6eab569c8fed\PresentationFramework.Luna.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e79d12dc8bede29dc337dba8d803bfa\PresentationFramework.Aero.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 282624 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0e6121dbd31ce6b51354b38075dc9007\PresentationFramework.Classic.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\9c808282a0cfdc5bafcb43e1778d97d6\napsnap.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\616ce317134d4225fc7eec80f9351855\napinit.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\a4b5d98bf175a3f10c47f223195c34b0\MSBuild.ni.exe
+ 2012-02-16 09:33 . 2012-02-16 09:33 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\b94e1c9115d8e37e734b27b48f54d236\MMCFxCommon.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 681984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\04532b2b5174ca249e01a8b21d0ba6fd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5cd854d075caf8b50de3c803b4303e03\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\cb1c199305d00b2424e707311eb9dcfd\Microsoft.Vsa.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b2438f632ab1dcbb1cb91c5a1226aaf1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d7f5b39fba028d2f9e2b3a772845a2a6\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\99bb7896ddbe74236efaa97733c63cbc\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\71542ecf96342dc1464fe471852be89a\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\0bafa5e2dc431bb12108395cf2e18773\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ddd2f252bea1cce14bb498257992635a\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cf9be66d53dddbf49b75cead76ef3cea\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\55172dec8f1353d1a8d9cdc4c0b9fac0\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5495e7eca3dac7eee473e30a3611f178\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\35ce662c1368782ede0852134106ea43\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\505549b05e5c3ceccd26ad9c398381e8\Microsoft.ManagementConsole.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 244736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\f356844d3667b88d03bde2ae524659b6\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\86f7fa65013864ae7da2fba058199dae\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\c467a4d9eeda620e3e7602a9ecf9ae76\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\304068df803748d7743a6a4dc344915f\Mcx2Dvcs.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\fb79aad0c745ff7b45151bc58b4dc8e9\mcupdate.ni.exe
+ 2012-02-16 09:33 . 2012-02-16 09:33 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\4a29229fecf805779bee25b756d78a0d\mcstoredb.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\8affc4346a86b80727282966ce58662b\mcplayerinterop.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\756a74d6b322877662a0f6da4bc7d8e6\mcGlidHostObj.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\2ce02776e0f2f1770f4bb77e1f6d7472\MCESidebarCtrl.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\956ca0e08e881df7f16f7d6d1381f71d\EventViewer.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\307ca4b67db79b05b4781634ea8ec0d7\ehRecObj.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5f53457f49927ecf00156d20466cc5a6\ehExtHost.ni.exe
+ 2012-02-16 09:33 . 2012-02-16 09:33 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b49168b11f5f60ddafed2ab1fdd4540f\ehCIR.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\f2808fb3389d3e28e2b0223dcd654e02\ComSvcConfig.ni.exe
+ 2012-02-16 09:32 . 2012-02-16 09:32 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\45af2aab82a69a1a6fe0f7cef4024673\BDATunePIA.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\105e77fbca8c5bb29988f3847b0d599f\WsatConfig.ni.exe
+ 2012-02-16 09:30 . 2012-02-16 09:30 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\da0467910de6ec2e0d24f453b513aa61\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f373a55fc4cff70f44fd52ce98813bb2\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e974e1b8c053357e9c375502803bf337\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b29f0535ff6220a7edd4b0f8613fe79c\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa1a7401eba5b44f051833d6df36e392\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a3eb590339228ac58bf3c6464b701293\WindowsLive.Writer.Interop.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84517241691d3b0665f830e7a1d70641\WindowsLive.Writer.Controls.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83094d8111b0eec721b34b83a4ffbcd5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7347f39b632f3173b53e38193bdff14d\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\64d6ef1d1dc03e9974922323680cc56a\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2c6558f02f6b9b2b7b25b44d0471fdfd\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c7d4ebd23ab04830133b2ad745ccae5\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\008c760b591a1b4d5c6be1b03b78e1c8\WindowsLive.Writer.Api.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b2b95ff27aa6d4abcf52ce18e9767aff\WindowsLive.Client.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d0972fea9e965a565c3cff76982709db\UIAutomationClient.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ff345d3a2aaafb8a960c3d400e3c11a9\TaskScheduler.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa1161af51ab42a61bfac9d02d469a06\System.Xml.Linq.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\43e0731fbb58632563909f1fa5dfe063\System.Web.Routing.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\84ee5a23a20b65773686657254ea9831\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\95f94674ddc4b1224df94bd7ae19c9ef\System.Web.Extensions.Design.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4c569a365154300e49ab3450f74c2618\System.Web.Entity.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fb21c5770bc64fc4105787238842f70d\System.Web.Entity.Design.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\785e2ad4125cef423bc367b37fabb71c\System.Web.DynamicData.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\685fb72f0189330eda1d62176fb38996\System.Web.Abstractions.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\dc4a4350f8c0c0919b5fb78f0c44291b\System.Security.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2273d6ab12c9ae0d52842a84d586b8df\System.Net.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b5930434d0d624701114e014513c9041\System.Management.Instrumentation.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7651951311f9d134e6bc08be7dc9ddc7\System.IO.Log.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a09d397c3a4eb60b04a0628cc187ce34\System.Drawing.Design.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\eebb837dbb8e5781e448c72eeda27983\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\344d3289061b28a0f7fb19229f45bb9c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\6a6642467bcccf0345c5e9139e7fd9ae\System.Data.Services.Design.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c1cf8e31da405f07780fa7b0f28cc650\System.Data.Entity.Design.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\71400a36c8621388031e00075f2fc8e9\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\47e25ae9163f4624a66f99ede0ea98fe\System.Configuration.Install.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\05c4011ad0068d0af722b4b52677d915\System.AddIn.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\17b78ffee2144cf38f024e73b131158d\SMSvcHost.ni.exe
+ 2012-02-16 09:30 . 2012-02-16 09:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcb09488417e40b6f7f7737f737bbfd\PresentationFramework.Luna.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbd1929fa377b354903e37469838d9a1\PresentationFramework.Classic.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4ff6c887092d4db687441d71e2c812ff\PresentationFramework.Royale.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\62531ec9534c96e83de2bbd4edfd07e8\napsnap.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\bb49eea48fd5f546afc6d5be634d3cb9\napinit.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\4ac4095081957a001a6174c0b9f7f195\MSBuild.ni.exe
+ 2012-02-16 09:30 . 2012-02-16 09:30 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\bd5a72adac7a95585984d5bcce994b71\MMCFxCommon.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\928fb6b2401fffd8cc993578c3a04acd\Microsoft.WSMan.Management.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\481b6ebea3e357f29a4ec0e8193d36d3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eda566c4dc6595779c3c9dfc359575ed\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4f6b6f33d84b7f438c3f3b66f0336d\Microsoft.PowerShell.Security.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\951235283ff1d4a91ffaa92ea8693249\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5f7928a2ffe462f16e25f03be01966e9\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2015eca4346e34310e958089b22a9c62\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6386ef67ed70f53fe6424246d256190d\Microsoft.ManagementConsole.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c8e128b5e6ceee852cb1f8c165c2177e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9795da40a8ee0bc54e91792de7422152\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\be7ad749a064283deab76fad38bf2930\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\f42105699650a206e2ae439ac54ad40a\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\886a8c3d4f00567df779318fea56f28a\mcstoredb.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\58ea1059f397ccd13d6a8d94d7be7830\EventViewer.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\9d5219961228fb5236c843ea75c69d39\ehRecObj.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\6a07aa6df4d45d1485b6a2749647a3aa\ehExtHost32.ni.exe
+ 2012-02-16 09:30 . 2012-02-16 09:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\39ab6b73bdbaac85b90cc561761916f7\ComSvcConfig.ni.exe
+ 2012-02-16 09:29 . 2012-02-16 09:29 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\d89086a63a9d85aa9d719d7088e5ae69\BDATunePIA.ni.dll
+ 2012-02-16 09:01 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 1127424 c:\windows\SysWOW64\wininet.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-16 09:01 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-02-16 09:01 . 2011-12-14 03:04 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-02-16 09:01 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-02-16 09:00 . 2011-12-14 03:10 9705472 c:\windows\SysWOW64\ieframe.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 9705472 c:\windows\SysWOW64\ieframe.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 1390080 c:\windows\system32\wininet.dll
+ 2012-02-16 09:01 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 1345536 c:\windows\system32\urlmon.dll
+ 2012-02-16 09:01 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-02-16 09:01 . 2011-12-14 07:11 2308096 c:\windows\system32\jscript9.dll
- 2012-02-05 15:48 . 2012-02-05 15:48 2144256 c:\windows\system32\iertutil.dll
+ 2012-02-16 09:01 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-02-05 15:54 5655920 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-02-16 09:25 5655920 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-06 14:26 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-02-16 09:27 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-03-18 17:23 . 2012-02-16 05:42 9684232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-146183986-3892266785-3712315220-1000-8192.dat
+ 2011-03-18 17:23 . 2012-02-16 13:29 9684232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-146183986-3892266785-3712315220-1000-8192.dat
+ 2011-10-26 20:46 . 2011-10-26 20:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
- 2011-11-02 12:20 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-02-16 05:51 . 2011-10-31 23:15 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2011-10-26 20:46 . 2011-10-26 20:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-11-02 12:20 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-16 05:51 . 2011-10-31 23:16 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-03 13:49 . 2012-01-03 13:49 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-16 09:06 . 2012-02-16 09:06 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-26 22:36 . 2011-10-26 22:36 2829312 c:\windows\Installer\b30144.msp
+ 2012-02-03 21:13 . 2012-02-03 21:13 4988928 c:\windows\Installer\b3012f.msp
- 2011-03-18 20:12 . 2012-02-06 19:58 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-03-18 20:12 . 2012-02-16 09:03 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2011-03-18 20:12 . 2012-02-06 19:58 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-02-16 09:09 . 2012-02-16 09:09 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\9d5feeb6727e222673d5bd89f0620ddd\WindowsBase.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\68f44d619637fac197ee6c8ac9f2aec9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ff247393a6deb90d63811aa88c84dc7e\System.Xml.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\e158bd31f13cbc20f6fc7c7f426113d7\System.Xaml.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\843d0370292b7b124f9b9231f87e8e6a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\be0e793afecb54a67a688e4528676e70\System.Web.Services.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\ae3a837b63de8d3f3fc63a7bfc16589a\System.Speech.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\aec154cbfb0eec1497fb89ebd6deb344\System.ServiceModel.Discovery.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\80b8b6324a73493227b2672b2d6820d3\System.ServiceModel.Activities.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\717540eea541a2769a6cf621fd948678\System.Runtime.Serialization.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\dc7fbde064d5710780a6b8f27554dc57\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\31c34917df5f24f1ffdd62bfa23f2fb7\System.Printing.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\15112a35e0e355fc344792e49c41628f\System.Management.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\bffc049b6775c3f6f144917a4387a0be\System.IdentityModel.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\fef2650a5b3bf39527150b4058762611\System.EnterpriseServices.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 2290688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\0443ad47a6be56beca12a7a13261c8ed\System.Drawing.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 1217536 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\d94ef12e883b2354af26f19ec7e25110\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\026c74ff72ba4fce837134953778e755\System.DirectoryServices.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\e8e5fcc8e7eb9ce898be3c22e8902ee4\System.Deployment.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\8d734fe538fe6f226eab465c8d8e3d5c\System.Data.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\83aa1c4f17f57067d3be29e560331349\System.Data.SqlXml.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 1798656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\6a0bcd0e756819ea795b161d2156e9a8\System.Data.Services.Client.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 3386368 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\1548624d8ec5142825864c5f59be9b49\System.Data.Linq.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2672be84bcad1c772163d15db0e2864e\System.Configuration.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\228bb21cab2c9ce2f69d5e24a9352a3f\System.ComponentModel.Composition.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\36f5aa69b510e3aeb24ef402d12c20e0\System.Activities.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\7be5ac01354a0c03d5587607687de1e1\System.Activities.Presentation.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\8d549e47084ec2661c944a1eeb9a2be5\System.Activities.Core.Presentation.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 4232704 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8d8f46afc9b2b65144f29a609f63398e\ReachFramework.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\735f127d0957bacdfe6522f0b8a2dcb0\PresentationUI.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\710482e876a08aaf596a1418b13eb349\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6b82e7a7001a661cb712067b75b7c5ec\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\60ff6c1510fb0e2d70e616650eb7ae47\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2e6537fafd64c81032b0aaebb7d3180a\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\f38dbc9d7ebe981a7c22b72dffb4a2af\Microsoft.JScript.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\1cf22b5ea0ef63e71b6416a36b656b8a\Microsoft.CSharp.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
+ 2012-02-16 09:16 . 2012-02-16 09:16 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\de58d9a7cb1ebe18d9519943fb351105\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll
+ 2012-02-16 09:16 . 2012-02-16 09:16 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f0d119151e7a4d59698125eb4b4275ee\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4d39c6a77db47caf40787ec818691ded\System.Web.Services.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\572316066654286b4629c0a680a76e1b\System.Speech.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4d1a64fc317c7d5de7321ef42d9443aa\System.ServiceModel.Activities.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\26150ab602b494d300ae488f81dbef9b\System.ServiceModel.Discovery.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7aa036e91909e1bc5e1d35b673defab2\System.Runtime.Serialization.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a2011e79b6ef1c5381d110f75685008c\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\dcbff6c9c548b51344cc4ad4893646b2\System.Printing.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\b7bf9745b6ac67086c7364ee34174c51\System.Management.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38b6bf7d0ee6cea88d785e52e991627c\System.IdentityModel.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\94f406f804865ec1ef81acaf426e48ca\System.DirectoryServices.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d612e5ab6df30b2018730c781e979ce8\System.Deployment.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\25a90057cd6623c3b3cc07e53c8de77a\System.Data.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\79ff5fcb68fc0f3dce4571f8fa950a51\System.Data.SqlXml.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\6bbce53ef9b6e8b9204929342f503647\System.Data.Services.Client.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\ae45172466a99ef79ed2ab3ae5ad0ef9\System.Data.Linq.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\3d60413b16725524801275d92249169b\System.Activities.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\bb8932dfd01f4c645f9902fd703cde49\System.Activities.Presentation.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\d92c6df050f16ca2610191d283d826bb\System.Activities.Core.Presentation.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\6f94955023126311d6aaa840f8852023\ReachFramework.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\a593524fad58317c70d237d214a25204\PresentationUI.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\70a16497eb1cc16502203fb15014fd35\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5c70caccfbb0d9706fc30b6cd9fc05f2\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2308d9bc9e1b4fa300140d447aa34d51\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-16 09:14 . 2012-02-16 09:14 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\38b6c0eb820c7b8ce3efb4bdfb6ba480\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\5beb57c4dedf5103ee84b16d0d269093\Microsoft.JScript.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\bc7e22b7991a4f23c6bb9e83e2241d05\Microsoft.CSharp.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 4962816 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\a6d9b6658c7778345cc60fe0d9bb6e64\WindowsBase.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 1459712 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\dac9f71ca1332da2a359e2d07589b7e9\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 6948864 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml\e04d9231de2f5d2ababdb425df670e63\System.Xml.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5571a92171f93c8a4806b9f1805f1c56\System.WorkflowServices.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\3b2e60a9cfedffc4c850f1d0ef17e5e1\System.Workflow.Runtime.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\809f0c7c2d0233f086f83b75f6aa9560\System.Workflow.ComponentModel.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f09110bd4c01129e8ef2e345e8b58920\System.Workflow.Activities.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\28c5f5bb725935286936596e3f5f4f38\System.Web.Services.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2b012fd0a270bdac848843047bb93312\System.Web.Mobile.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cf203792167bd243b057b8daf79e0d98\System.Web.Extensions.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\7f261dc1eaa3e4e0b93c44678888dd44\System.Web.Extensions.Design.ni.dll
+ 2012-02-16 09:36 . 2012-02-16 09:36 2727936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Speech\a49bc70b640e21c9bcecbd8122203283\System.Speech.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\8ef813ce3f85ea3b3f499d734ac8019e\System.ServiceModel.Web.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 3073536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f99728bbb535157b904873158379dc67\System.Runtime.Serialization.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\8b193e216f8cf8cd74d7f63cc3ebd2d9\System.Runtime.Remoting.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\1194371f7bf016fa5f5db6a6003af63e\System.Printing.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 1472000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\6860203a3f244d4c6b89ff38a9c9cadb\System.Management.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\3fae8a8515a716f1fae4a64a7f2a4b05\System.IdentityModel.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\dbd535c6b73a9d9ffab8b91124ea7dda\System.EnterpriseServices.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 2311168 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\6c52a4ed4a4d301b51cae24e0d0b28ac\System.Drawing.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 1640448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\cc26a70ca09b5e09736df4f2f4af045a\System.DirectoryServices.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 1230848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\48a91957a4b86c3bcebec68eb1471def\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\6d33e51aa1dd1c4c8ac5bff1c7ad7b4b\System.Deployment.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 8681472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\bc98c6a47226c05d244f7ffb07b6d6bf\System.Data.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 3463680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\134d55401aae7ef73c10ad743774127f\System.Data.SqlXml.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\2dd10ff57a987aa347518b0abfcaf8b3\System.Data.Services.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 1868288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\0177f6ff2b3faf1805b3ba63e0e20ad0\System.Data.Services.Client.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 1506816 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\7892bc65d0be332ab0d4f5dae01d2c3c\System.Data.OracleClient.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\dd28d55dd94fb4d1e4dca6393e4b15a4\System.Data.Linq.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\caf124d5431e8d8aba046e54a8b7dea5\System.Data.Entity.Design.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 3315200 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\9e59bc2c8cf98cd315468ca01f68663c\System.Core.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\da9e586395168489e96323c7cbd635a3\System.Configuration.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\c2b60ec84728f2a0b99f2113ed7eba37\ReachFramework.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\d5b793b7c0429d61e51fe917d1066df8\PresentationUI.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 1884160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\0618574a66f03040f765c43693bf58f6\PresentationBuildTasks.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\24f9a2d494b01bcbc6919f60a278c715\Narrator.ni.exe
+ 2012-02-16 09:34 . 2012-02-16 09:34 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\8988116626390eae76ef9e492c0e2894\MMCEx.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\77c418992d39a8c1ce569194f9b1ff1e\MIGUIControls.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\e05059a258a8b75d8981f29ecd9baf72\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\11bd9381aca79215bc01b45a5e7bddce\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\ecc930a57b339ba3d126b05b2d756a01\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8d5a4862d0e61fdd2e958fc989df3cca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\713f3cf6037ed7047485c738934f9054\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 1131008 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\09516cb547f50c165051c5512c0770d3\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d7d03c116e282c198f398652dbddc074\Microsoft.MediaCenter.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bf5f76b58c88f17410effc17059685a8\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b54d398a06452904630482f2f83d21dd\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5f69561da0086365718db46e1172d204\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\5e550f8b6414d82551174d1dd0f8f15c\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\551b383e39b9fedb84e25c9fc7d763ee\Microsoft.JScript.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\2ec15928bc76c2a6af54ad507c513cd4\Microsoft.Ink.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\4ccd2dddff73b52cd77ecaed30075b09\Microsoft.Build.Tasks.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\35cee0a531b3136b21b2c7e2ff56b5eb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 2544640 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\a22f83fa561173b77ee1215e0dfd7a76\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\5cd9b4020f38edbdc2718884fe3e68f0\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\0217b5f9a72020bee3d0291bbae125ff\mcstore.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 4088320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\905166e37a4a5f45a7d1672fb756d96e\mcepg.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c4611059ea1ce82d595095818a62e6d7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8c88907a60c399aad0aed55d9f639659\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 7025664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\43bc70f20fd8e044c206ab73b4adc992\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a1247fab7b8f96880e66201727074f6\WindowsLive.Writer.Localization.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c463ccf17b00f16ed8e60a6ba1cb46e5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 7967232 c:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\99f03be29e7f6de2f4bc278b83f0761b\System.WorkflowServices.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ee22bb1fef89981da77783c69aa1f154\System.Workflow.Runtime.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\5fc69203193c26b91b068695b00bcebf\System.Workflow.ComponentModel.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\e5bfe89d19b368c5eb64bdf2c3c29d7a\System.Workflow.Activities.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0eada94e6fc22ecdf69ec412fe7df0b9\System.Web.Mobile.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8ae9ee071050afc6dce19f5248817d66\System.Web.Extensions.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8e4b0ae89bdfbe3eac1b79dacef4ef79\System.Speech.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0113a0162fe157bb4f0130a60bbcad1a\System.ServiceModel.Web.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e20ce129c23781d9a8430b63edc3c24e\System.Printing.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f4d8c56c790b998bd1bb971905bfae78\System.Management.Automation.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d379df0010f87d5c3d8c2be00b3de7a\System.DirectoryServices.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\45fedf46ca69b8437800ffed652fb2e4\System.Deployment.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d7621134717a86f5062dcf80206ab164\System.Data.SqlXml.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47c2a93f42a371ac1b3756d098ac18a5\System.Data.Services.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3763b8ac5fa0a96ad5100a53b10b4449\System.Data.Services.Client.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c3e0c299c00016b5ffb5006bc32dd0db\System.Data.OracleClient.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1fe993f1045190570a2c69cb32f9d62d\System.Data.Linq.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\932542a144496e3a9cb9155270fd4492\System.Data.Entity.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9f09338d4240f6ea19318665fcea008f\ReachFramework.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\10d61b241fbf27d82942eecb454105e1\PresentationUI.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d2c547794ac1c167fe24904e6848d5cc\PresentationBuildTasks.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\308236e39e3ad82c6b5bfa2d955735e3\Narrator.ni.exe
+ 2012-02-16 09:31 . 2012-02-16 09:31 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b792eec16fb24a0f73ca20e1551bfcbf\MMCEx.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\44f2bd588202e6bdacf0b867c7011057\MIGUIControls.ni.dll
+ 2012-02-16 09:31 . 2012-02-16 09:31 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1a6921bcfb8ade6652efb9f095b275f1\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86fa49490bc929adf75488903f0dac4b\Microsoft.PowerShell.Editor.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\413c3be0ba8ed04984a0bb3044e0c2e0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f66392066352b804d8022664e7bf8de\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\558d4558f0857891cf0d41d818e7b490\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\03d64144ed3ea21cbeea0c872ece14b6\Microsoft.MediaCenter.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\09cea564f5888335ef97bd104d7e4ea6\Microsoft.JScript.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ca0dacd1a4dc23e5d7bb3e6548282b6b\Microsoft.Ink.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e566cc5fe7ad95b0a9fca152b335b551\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2b23923536c41d0fb8ab658f6c9a95c1\Microsoft.Build.Tasks.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6b8459651fae37b63ab314350a8eff8a\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\103b0155f85ff08fc9940bd0c3aa0128\mcstore.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\c28c1427f0691e070b77b4ad97000e4c\mcepg.ni.dll
+ 2012-02-16 05:51 . 2011-10-31 23:16 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-11-02 12:20 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-02-05 15:42 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
+ 2012-02-16 05:52 . 2012-01-04 08:59 12872704 c:\windows\SysWOW64\shell32.dll
+ 2012-02-16 09:01 . 2011-12-14 03:30 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-02-16 09:23 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-02-05 15:52 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-02-16 05:52 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
+ 2012-02-16 09:00 . 2011-12-14 07:43 17790464 c:\windows\system32\mshtml.dll
+ 2011-11-01 13:25 . 2012-02-16 09:02 54585368 c:\windows\system32\MRT.exe
+ 2012-02-16 09:00 . 2011-12-14 07:16 10887168 c:\windows\system32\ieframe.dll
+ 2012-02-16 09:04 . 2012-02-16 09:04 20333056 c:\windows\Installer\b3013b.msp
+ 2012-02-16 09:07 . 2012-02-16 09:07 11879936 c:\windows\assembly\NativeImages_v4.0.30319_64\System\bbcac65b1d0045229354424a7595e258\System.ni.dll
+ 2012-02-16 09:11 . 2012-02-16 09:11 17290752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\97347a1967260991cca95e94b5ba2d41\System.Windows.Forms.ni.dll
+ 2012-02-16 09:13 . 2012-02-16 09:13 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\49314ff27e3a21bbb1fb675a295f6571\System.ServiceModel.ni.dll
+ 2012-02-16 09:12 . 2012-02-16 09:12 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\78e35b4bf12ee4833ed720a490e958f2\System.Data.Entity.ni.dll
+ 2012-02-16 09:09 . 2012-02-16 09:09 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\fcefa2871c7dc4d397ff8c6f92abf0d5\System.Core.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d0dddbe96a81cd6869f9643fa2809d71\PresentationFramework.ni.dll
+ 2012-02-16 09:10 . 2012-02-16 09:10 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\efb6d518bb284cdc29a96068726320c0\PresentationCore.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b711fe4f8f23da12b205be1d231d4e2e\System.ServiceModel.ni.dll
+ 2012-02-16 09:15 . 2012-02-16 09:15 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\0816c3b4ab4f25931be80ef29db36024\System.Data.Entity.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
+ 2012-02-16 09:07 . 2012-02-16 09:07 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:27 10624512 c:\windows\assembly\NativeImages_v2.0.50727_64\System\d5bc322d03a6628891b1e1232c4815af\System.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\87a79dd88275c7e7536a0476f2ed79aa\System.Windows.Forms.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\3ea6f4cb8bba38f9d66275c36dd8825e\System.Web.ni.dll
+ 2012-02-16 09:32 . 2012-02-16 09:32 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\0b51b0626d95de7446d132c73edd77cc\System.ServiceModel.ni.dll
+ 2012-02-16 09:34 . 2012-02-16 09:34 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\e18dbed9e34d7d56cc7e2f683de12237\System.Management.Automation.ni.dll
+ 2012-02-16 09:29 . 2012-02-16 09:29 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\0ad116b6a293e4fad1add26610df466d\System.Design.ni.dll
+ 2012-02-16 09:35 . 2012-02-16 09:35 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\00b730e56986ad4f378e420fa8606395\System.Data.Entity.ni.dll
+ 2012-02-16 09:28 . 2012-02-16 09:28 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\be975224912fc63f0398ad0c969ba144\PresentationFramework.ni.dll
+ 2012-02-16 09:27 . 2012-02-16 09:27 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\0fa603af6ee814498c20f46e00e5f891\PresentationCore.ni.dll
+ 2012-02-16 09:33 . 2012-02-16 09:33 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\089d0fee0e702f9b9a611f761cb3bd8a\ehshell.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
+ 2012-02-16 09:30 . 2012-02-16 09:30 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll
+ 2012-02-16 09:26 . 2012-02-16 09:26 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
+ 2012-02-16 09:25 . 2012-02-16 09:25 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-01-03 1243040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-16 122880]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
- c:\users\ckeller\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 15:23]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
- c:\users\ckeller\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 15:23]
.
2012-02-05 c:\windows\Tasks\HPCeeScheduleForCKELLER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-02-14 c:\windows\Tasks\HPCeeScheduleForckeller.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
.
**************************************************************************
.
Completion time: 2012-02-16 07:33:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 13:33
ComboFix2.txt 2012-02-16 05:46
.
Pre-Run: 909,598,560,256 bytes free
Post-Run: 909,276,155,904 bytes free
.
- - End Of File - - C60CD5DEBFF99DB8EAECDDC5FDF98335


MalwareBytes Log


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ckeller :: CKELLER-HP [administrator]

2/16/2012 7:42:34 AM
mbam-log-2012-02-16 (07-42-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185996
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\ckeller\Downloads\avg_free_stb_en_2012_1873_free.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)


ESET Log


C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021 a variant of Win32/Adware.OpenInstall application


Security Check


Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 30
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````


Thanks!!!

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:06 AM

Posted 16 February 2012 - 11:26 AM

Hi Nathan!

We are making some excellent progress here!

These threat(s) below will be removed very shortly:

C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021 a variant of Win32/Adware.OpenInstall application


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586-s.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT:


Clear Browsing Data for Chrome

Open Google Chrome

  • Click the wrench icon Posted Image on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • Where it says Obliterate the following items from: select The begining of time
  • In the dialog that appears, select the following checkboxes:
    • Empty the cache
  • Click Clear browsing data.


NEXT:


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    c:\program files (x86)\601A3
    c:\users\ckeller\AppData\Roaming\52E60
    c:\users\ckeller\AppData\Roaming\601A3
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [emptyjava]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 Schnitzel

Schnitzel
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 17 February 2012 - 08:28 AM

Thanks SweetTech!

Here are the newest logs. You are sooo helpful!


OTL fix log



Files\Folders moved on Reboot...
C:\Users\ckeller\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_CKELLER-HP$\1572 not found!

Registry entries deleted on Reboot...


OTL custom scan


OTL logfile created on: 2/17/2012 7:15:43 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ckeller\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 6.46 Gb Available Physical Memory | 83.47% Memory free
15.48 Gb Paging File | 14.08 Gb Available in Paging File | 90.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.12 Gb Total Space | 848.10 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 1.61 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive Z: | 928.30 Gb Total Space | 789.80 Gb Free Space | 85.08% Space Free | Partition Type: NTFS

Computer Name: CKELLER-HP | User Name: ckeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 10:43:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ckeller\Desktop\OTL.exe
PRC - [2012/01/03 07:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/12/15 19:41:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/12/15 19:40:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/09/18 03:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/08 18:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 18:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2009/02/27 21:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 19:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 09:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/22 07:46:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 19:40:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/09/18 03:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/27 10:08:47 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 00:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/11 09:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 08:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/26 07:42:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ckeller\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ckeller\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/16 07:30:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70E00B1C-59AE-4BC9-9B68-578BC995C1E8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 07:10:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/17 07:08:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ckeller\Desktop\OTL.exe
[2012/02/17 07:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/16 07:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/16 07:53:00 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/02/16 07:41:39 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Malwarebytes
[2012/02/16 07:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/16 07:41:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/16 07:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/16 07:40:56 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ckeller\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/16 07:30:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/15 21:22:28 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\ckeller\Desktop\AppRemover.exe
[2012/02/15 21:19:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/15 21:19:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/15 21:19:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/15 21:19:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/15 21:16:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/15 21:16:09 | 004,404,931 | R--- | C] (Swearware) -- C:\Users\ckeller\Desktop\ComboFix.exe
[2012/02/06 08:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/06 08:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/02/01 09:23:57 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/01 09:23:38 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Google
[2012/02/01 09:23:26 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Deployment
[2012/02/01 09:23:26 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Apps
[2012/01/27 10:08:59 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/27 10:08:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/27 10:08:56 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/27 10:06:37 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Local\Sunbelt Software
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/27 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/01/27 10:04:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2012/01/20 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Catalina Marketing Corp
[2012/01/20 10:24:15 | 000,000,000 | ---D | C] -- C:\Users\ckeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2011/03/18 14:44:17 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\GVJPEG32.DLL

========== Files - Modified Within 30 Days ==========

[2012/02/17 07:12:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 07:12:55 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 07:12:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 07:12:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 07:10:34 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/17 07:10:34 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/17 07:10:34 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 14:34:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
[2012/02/16 14:34:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
[2012/02/16 10:23:05 | 000,000,539 | ---- | M] () -- C:\Users\ckeller\AppData\Local\print.ini
[2012/02/16 07:58:50 | 000,879,700 | ---- | M] () -- C:\Users\ckeller\Desktop\SecurityCheck.exe
[2012/02/16 07:41:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 07:30:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/16 07:09:11 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ckeller\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/16 03:25:03 | 005,655,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 21:57:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/15 21:22:04 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\ckeller\Desktop\AppRemover.exe
[2012/02/15 21:12:14 | 004,404,931 | R--- | M] (Swearware) -- C:\Users\ckeller\Desktop\ComboFix.exe
[2012/02/14 08:00:33 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForckeller.job
[2012/02/13 09:45:42 | 005,789,989 | ---- | M] () -- C:\Users\ckeller\Desktop\IMG_3863.jpg
[2012/02/11 10:43:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ckeller\Desktop\OTL.exe
[2012/02/09 08:35:00 | 000,002,371 | ---- | M] () -- C:\Users\ckeller\Desktop\Google Chrome.lnk
[2012/02/06 08:20:47 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/06 08:19:21 | 000,001,135 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/05 09:55:42 | 000,001,439 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/05 09:48:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/05 09:48:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/05 09:23:14 | 000,747,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/05 09:23:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCKELLER-HP$.job
[2012/02/05 08:44:44 | 000,070,172 | ---- | M] () -- C:\Users\ckeller\Desktop\Biblical Eldership.jpg
[2012/02/05 08:43:46 | 000,032,621 | ---- | M] () -- C:\Users\ckeller\Desktop\41UE08fml5L.jpg
[2012/02/03 08:42:09 | 000,142,229 | ---- | M] () -- C:\Users\ckeller\Desktop\Template 5395.pdf
[2012/01/30 10:09:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/30 10:09:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/27 15:13:11 | 000,013,895 | ---- | M] () -- C:\Users\ckeller\Desktop\1562.jpg
[2012/01/27 10:08:56 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/27 10:08:47 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/27 10:06:22 | 000,001,168 | ---- | M] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/01/27 10:06:22 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/26 07:42:52 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/01/23 13:25:53 | 000,001,456 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/20 09:53:48 | 002,239,131 | ---- | M] () -- C:\Users\ckeller\Desktop\Elder board Berean.jpg
[2012/01/19 14:34:13 | 001,160,915 | ---- | M] () -- C:\Users\ckeller\Desktop\DSC06402.jpg
[2012/01/18 14:53:17 | 000,185,163 | ---- | M] () -- C:\Users\ckeller\Desktop\Jenny2.jpg
[2012/01/18 14:45:31 | 000,087,643 | ---- | M] () -- C:\Users\ckeller\Desktop\Jenny.jpg

========== Files Created - No Company Name ==========

[2012/02/16 09:00:07 | 000,879,700 | ---- | C] () -- C:\Users\ckeller\Desktop\SecurityCheck.exe
[2012/02/16 07:41:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 21:19:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/15 21:19:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/15 21:19:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/15 21:19:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/15 21:19:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/13 08:41:17 | 005,789,989 | ---- | C] () -- C:\Users\ckeller\Desktop\IMG_3863.jpg
[2012/02/06 08:25:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForckeller.job
[2012/02/06 08:20:47 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/02/05 09:48:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/05 09:48:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/05 09:23:17 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/02/05 08:45:01 | 000,070,172 | ---- | C] () -- C:\Users\ckeller\Desktop\Biblical Eldership.jpg
[2012/02/05 08:43:29 | 000,032,621 | ---- | C] () -- C:\Users\ckeller\Desktop\41UE08fml5L.jpg
[2012/02/03 08:42:08 | 000,142,229 | ---- | C] () -- C:\Users\ckeller\Desktop\Template 5395.pdf
[2012/02/01 09:23:59 | 000,002,371 | ---- | C] () -- C:\Users\ckeller\Desktop\Google Chrome.lnk
[2012/02/01 09:23:38 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000UA.job
[2012/02/01 09:23:38 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146183986-3892266785-3712315220-1000Core.job
[2012/01/27 15:13:26 | 000,013,895 | ---- | C] () -- C:\Users\ckeller\Desktop\1562.jpg
[2012/01/27 10:10:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/27 10:10:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/27 10:06:22 | 000,001,168 | ---- | C] () -- C:\Users\ckeller\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/01/27 10:06:22 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/20 09:53:48 | 002,239,131 | ---- | C] () -- C:\Users\ckeller\Desktop\Elder board Berean.jpg
[2012/01/19 14:34:13 | 001,160,915 | ---- | C] () -- C:\Users\ckeller\Desktop\DSC06402.jpg
[2012/01/18 14:52:01 | 000,185,163 | ---- | C] () -- C:\Users\ckeller\Desktop\Jenny2.jpg
[2012/01/18 14:45:49 | 000,087,643 | ---- | C] () -- C:\Users\ckeller\Desktop\Jenny.jpg
[2011/08/25 07:18:03 | 000,000,132 | ---- | C] () -- C:\Users\ckeller\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/08/18 13:10:39 | 000,001,456 | ---- | C] () -- C:\Users\ckeller\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/02 13:27:12 | 000,185,344 | R--- | C] () -- C:\Windows\FRANKCAL.DLL
[2011/06/02 13:27:05 | 000,306,688 | R--- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2011/06/02 13:27:05 | 000,095,232 | R--- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/05/22 09:05:56 | 000,001,854 | ---- | C] () -- C:\Users\ckeller\AppData\Roaming\GhostObjGAFix.xml
[2011/05/11 07:31:17 | 000,000,539 | ---- | C] () -- C:\Users\ckeller\AppData\Local\print.ini
[2011/05/11 07:29:13 | 000,204,800 | ---- | C] () -- C:\Windows\IdsRdCli.exe
[2011/04/06 10:44:50 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/18 14:44:39 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\SSV5DATE.INI
[2011/03/18 14:44:17 | 000,001,289 | ---- | C] () -- C:\Windows\Formset.ini
[2011/03/18 13:36:45 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2011/02/01 18:05:08 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/01 17:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 12:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/12/15 19:41:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009/12/15 19:40:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012/01/20 10:24:17 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\Catalina Marketing Corp
[2011/08/10 12:25:04 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/25 07:00:20 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/01/24 10:14:25 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\Dropbox
[2011/03/18 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\NewspaperDirect
[2011/03/18 11:17:39 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\PictureMover
[2011/08/10 10:37:34 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/10 07:49:47 | 000,000,000 | ---D | M] -- C:\Users\ckeller\AppData\Roaming\WinBatch
[2011/10/10 07:04:36 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\ckeller\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\ckeller\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\ckeller\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\ckeller\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/05 09:48:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/05 09:48:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/05 09:48:30 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/02/05 09:48:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/02/05 09:48:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/02/15 22:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/02/17 07:08:17 | 000,000,004 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/02/17 07:08:17 | 000,002,192 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Local State
[2012/02/16 11:57:16 | 007,519,976 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/02/16 11:57:16 | 002,292,812 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/02/16 11:57:16 | 000,134,252 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/02/16 11:57:15 | 000,588,544 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/02/16 11:57:16 | 000,013,896 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2012/02/17 07:07:59 | 000,000,055 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Service State
[2012/02/17 07:08:06 | 000,053,248 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/02/01 09:24:05 | 000,000,757 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2012/02/01 09:24:05 | 000,000,757 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/02/17 07:08:17 | 000,045,056 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/02/17 07:08:17 | 000,025,343 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/02/17 07:08:16 | 000,016,607 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/02/01 10:40:17 | 000,007,168 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2012/02/17 07:08:06 | 000,016,384 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/02/17 07:08:17 | 000,086,016 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\History
[2012/02/17 07:08:17 | 000,000,011 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/02/01 09:24:05 | 000,012,288 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/02/17 07:08:07 | 000,012,288 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/02/17 07:08:17 | 000,017,594 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/02/01 10:40:47 | 000,013,312 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/02/17 07:08:07 | 000,012,288 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/02/17 07:08:07 | 000,020,480 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/02/17 07:08:17 | 000,131,072 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/02/17 07:08:16 | 000,075,776 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/02/01 10:40:17 | 000,007,168 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2012/02/01 17:03:23 | 000,003,524 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\128.png
[2012/02/01 17:03:23 | 000,000,702 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\manifest.json
[2012/02/01 17:03:23 | 000,000,401 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\ar\messages.json
[2012/02/01 17:03:23 | 000,000,427 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\bg\messages.json
[2012/02/01 17:03:23 | 000,000,250 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\ca\messages.json
[2012/02/01 17:03:23 | 000,000,255 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\cs\messages.json
[2012/02/01 17:03:23 | 000,000,242 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\da\messages.json
[2012/02/01 17:03:23 | 000,000,226 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\de\messages.json
[2012/02/01 17:03:23 | 000,000,475 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\el\messages.json
[2012/02/01 17:03:23 | 000,000,227 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\en\messages.json
[2012/02/01 17:03:23 | 000,000,240 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\es\messages.json
[2012/02/01 17:03:23 | 000,000,222 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\fi\messages.json
[2012/02/01 17:03:23 | 000,000,236 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\fil\messages.json
[2012/02/01 17:03:23 | 000,000,249 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\fr\messages.json
[2012/02/01 17:03:23 | 000,000,419 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\he\messages.json
[2012/02/01 17:03:23 | 000,000,408 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\hi\messages.json
[2012/02/01 17:03:23 | 000,000,220 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\hr\messages.json
[2012/02/01 17:03:23 | 000,000,253 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\hu\messages.json
[2012/02/01 17:03:23 | 000,000,231 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\id\messages.json
[2012/02/01 17:03:23 | 000,000,224 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\it\messages.json
[2012/02/01 17:03:23 | 000,000,349 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\ja\messages.json
[2012/02/01 17:03:23 | 000,000,323 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\ko\messages.json
[2012/02/01 17:03:23 | 000,000,266 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\lt\messages.json
[2012/02/01 17:03:23 | 000,000,245 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\lv\messages.json
[2012/02/01 17:03:23 | 000,000,225 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\nl\messages.json
[2012/02/01 17:03:23 | 000,000,216 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\no\messages.json
[2012/02/01 17:03:23 | 000,000,274 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\pl\messages.json
[2012/02/01 17:03:23 | 000,000,237 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\pt_BR\messages.json
[2012/02/01 17:03:23 | 000,000,236 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\pt_PT\messages.json
[2012/02/01 17:03:23 | 000,000,248 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\ro\messages.json
[2012/02/01 17:03:23 | 000,000,394 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\ru\messages.json
[2012/02/01 17:03:23 | 000,000,241 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\sk\messages.json
[2012/02/01 17:03:23 | 000,000,245 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\sl\messages.json
[2012/02/01 17:03:23 | 000,000,437 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\sr\messages.json
[2012/02/01 17:03:23 | 000,000,238 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\sv\messages.json
[2012/02/01 17:03:23 | 000,000,365 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\th\messages.json
[2012/02/01 17:03:23 | 000,000,255 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\tr\messages.json
[2012/02/01 17:03:23 | 000,000,442 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\uk\messages.json
[2012/02/01 17:03:23 | 000,000,310 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\vi\messages.json
[2012/02/01 17:03:23 | 000,000,257 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\zh_CN\messages.json
[2012/02/01 17:03:23 | 000,000,269 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\_locales\zh_TW\messages.json
[2012/02/13 08:59:11 | 000,006,856 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\128.png
[2012/02/13 08:59:11 | 000,000,749 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\16.png
[2012/02/13 08:59:11 | 000,001,946 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\32.png
[2012/02/13 08:59:11 | 000,002,184 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\48.png
[2012/02/13 08:59:11 | 000,000,767 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\manifest.json
[2012/02/13 08:59:11 | 000,000,423 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ar\messages.json
[2012/02/13 08:59:11 | 000,000,515 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\bg\messages.json
[2012/02/13 08:59:11 | 000,000,330 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ca\messages.json
[2012/02/13 08:59:11 | 000,000,355 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\cs\messages.json
[2012/02/13 08:59:11 | 000,000,328 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\da\messages.json
[2012/02/13 08:59:11 | 000,000,307 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\de\messages.json
[2012/02/13 08:59:11 | 000,000,569 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\el\messages.json
[2012/02/13 08:59:11 | 000,000,314 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\en\messages.json
[2012/02/13 08:59:11 | 000,000,314 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\en_GB\messages.json
[2012/02/13 08:59:11 | 000,000,314 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\en_US\messages.json
[2012/02/13 08:59:11 | 000,000,340 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\es\messages.json
[2012/02/13 08:59:11 | 000,000,341 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\es_419\messages.json
[2012/02/13 08:59:11 | 000,000,314 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\et\messages.json
[2012/02/13 08:59:11 | 000,000,305 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\fi\messages.json
[2012/02/13 08:59:11 | 000,000,337 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\fil\messages.json
[2012/02/13 08:59:11 | 000,000,329 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\fr\messages.json
[2012/02/13 08:59:11 | 000,000,471 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\he\messages.json
[2012/02/13 08:59:11 | 000,000,326 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\hi\messages.json
[2012/02/13 08:59:11 | 000,000,340 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\hr\messages.json
[2012/02/13 08:59:11 | 000,000,336 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\hu\messages.json
[2012/02/13 08:59:11 | 000,000,319 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\id\messages.json
[2012/02/13 08:59:11 | 000,000,324 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\it\messages.json
[2012/02/13 08:59:11 | 000,000,388 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ja\messages.json
[2012/02/13 08:59:11 | 000,000,380 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ko\messages.json
[2012/02/13 08:59:11 | 000,000,359 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\lt\messages.json
[2012/02/13 08:59:11 | 000,000,360 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\lv\messages.json
[2012/02/13 08:59:11 | 000,000,323 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\nl\messages.json
[2012/02/13 08:59:10 | 000,000,300 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\no\messages.json
[2012/02/13 08:59:11 | 000,000,336 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\pl\messages.json
[2012/02/13 08:59:11 | 000,000,332 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\pt_BR\messages.json
[2012/02/13 08:59:11 | 000,000,331 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\pt_PT\messages.json
[2012/02/13 08:59:11 | 000,000,332 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ro\messages.json
[2012/02/13 08:59:11 | 000,000,471 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\ru\messages.json
[2012/02/13 08:59:11 | 000,000,338 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sk\messages.json
[2012/02/13 08:59:11 | 000,000,329 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sl\messages.json
[2012/02/13 08:59:11 | 000,000,483 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sr\messages.json
[2012/02/13 08:59:11 | 000,000,333 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\sv\messages.json
[2012/02/13 08:59:11 | 000,000,472 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\th\messages.json
[2012/02/13 08:59:11 | 000,000,330 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\tr\messages.json
[2012/02/13 08:59:11 | 000,000,501 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\uk\messages.json
[2012/02/13 08:59:11 | 000,000,363 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\vi\messages.json
[2012/02/13 08:59:11 | 000,000,346 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\zh_CN\messages.json
[2012/02/13 08:59:11 | 000,000,346 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\_locales\zh_TW\messages.json
[2012/02/01 17:03:24 | 000,005,920 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\128.png
[2012/02/01 17:03:24 | 000,000,755 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\manifest.json
[2012/02/01 17:03:24 | 000,000,556 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar\messages.json
[2012/02/01 17:03:24 | 000,000,492 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg\messages.json
[2012/02/01 17:03:24 | 000,000,262 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca\messages.json
[2012/02/01 17:03:24 | 000,000,289 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs\messages.json
[2012/02/01 17:03:24 | 000,000,240 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da\messages.json
[2012/02/01 17:03:24 | 000,000,239 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de\messages.json
[2012/02/01 17:03:24 | 000,000,624 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el\messages.json
[2012/02/01 17:03:24 | 000,000,215 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en\messages.json
[2012/02/01 17:03:24 | 000,000,281 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es\messages.json
[2012/02/01 17:03:24 | 000,000,284 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi\messages.json
[2012/02/01 17:03:24 | 000,000,234 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil\messages.json
[2012/02/01 17:03:24 | 000,000,272 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr\messages.json
[2012/02/01 17:03:24 | 000,000,391 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi\messages.json
[2012/02/01 17:03:24 | 000,000,246 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr\messages.json
[2012/02/01 17:03:24 | 000,000,234 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu\messages.json
[2012/02/01 17:03:24 | 000,000,242 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id\messages.json
[2012/02/01 17:03:24 | 000,000,260 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it\messages.json
[2012/02/01 17:03:24 | 000,000,364 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja\messages.json
[2012/02/01 17:03:24 | 000,000,328 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko\messages.json
[2012/02/01 17:03:24 | 000,000,269 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt\messages.json
[2012/02/01 17:03:24 | 000,000,262 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv\messages.json
[2012/02/01 17:03:24 | 000,000,232 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\nl\messages.json
[2012/02/01 17:03:24 | 000,000,210 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\no\messages.json
[2012/02/01 17:03:24 | 000,000,292 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pl\messages.json
[2012/02/01 17:03:24 | 000,000,230 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_BR\messages.json
[2012/02/01 17:03:24 | 000,000,231 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_PT\messages.json
[2012/02/01 17:03:24 | 000,000,281 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ro\messages.json
[2012/02/01 17:03:24 | 000,000,482 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ru\messages.json
[2012/02/01 17:03:24 | 000,000,210 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\se\messages.json
[2012/02/01 17:03:24 | 000,000,238 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sk\messages.json
[2012/02/01 17:03:24 | 000,000,249 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sl\messages.json
[2012/02/01 17:03:24 | 000,000,511 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sr\messages.json
[2012/02/01 17:03:24 | 000,000,471 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\th\messages.json
[2012/02/01 17:03:24 | 000,000,250 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\tr\messages.json
[2012/02/01 17:03:24 | 000,000,536 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\uk\messages.json
[2012/02/01 17:03:24 | 000,000,257 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\vi\messages.json
[2012/02/01 17:03:24 | 000,000,339 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_CN\messages.json
[2012/02/01 17:03:24 | 000,000,321 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_TW\messages.json
[1 C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[2012/02/17 07:08:09 | 000,008,192 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2012/02/17 07:08:17 | 000,270,336 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2012/02/17 07:08:09 | 000,008,192 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2012/02/17 07:08:09 | 000,008,192 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2012/02/17 07:08:09 | 000,524,656 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2012/02/01 09:24:05 | 000,000,000 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/02/09 10:55:11 | 000,001,443 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\manifest.json
[2012/02/09 10:55:11 | 007,761,920 | ---- | M] () -- C:\Users\ckeller\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >



So right now the computer hasn't been doing the redirect thing and I have installed MS security essentials as a virus protection. Is that an alright product?

Hopefully I have followed your instructions correctly and we are getting this thing fixed up. Thanks for your help.

Nathan

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:06 AM

Posted 17 February 2012 - 09:22 AM

Hi Nathan!

Here are the newest logs. You are sooo helpful!

I try my best to be as helpful as I can. I know how it feels to have an infected computer. I've been down that path before, and it's no fun whatsoever!!

Hopefully I have followed your instructions correctly and we are getting this thing fixed up. Thanks for your help.

You're doing an excellent job following the directions!

So right now the computer hasn't been doing the redirect thing and I have installed MS security essentials as a virus protection. Is that an alright product?

Yes, Microsoft Security Essentials is one of the better free anti-virus programs. I typically recommend either that or Avast.

I'm going to ask that you run a scan with Microsoft Security Essentials and see what it finds.

Post back with what Microsoft Security Essentials finds (if anything)

Also run this OTL fix for me, and if all goes well we should be able to wrap things up in the next reply.

OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    [2012/02/16 07:40:56 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ckeller\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/15 21:22:28 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\ckeller\Desktop\AppRemover.exe
    [2012/02/16 07:58:50 | 000,879,700 | ---- | M] () -- C:\Users\ckeller\Desktop\SecurityCheck.exe
    [2012/02/16 07:09:11 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ckeller\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/15 21:22:04 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\ckeller\Desktop\AppRemover.exe
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users