Yet Another Garda Malware Victim

  • 16-08-2012 11:12PM
    #1
    Registered Users, Registered Users 2 Posts: 6,950 ✭✭✭


    Hi lads,

    Got caught with the Garda UKash malware problem on my father-in-law's laptop the night before last.

    I can boot into all three versions of Safe Mode. I've tried some fixes I found online. I had MalwareBytes installed but it was well out of date. I downloaded the new definitions but it didn't seem to update the database.

    I'm now turning to the good old faithful, Boards.

    Most threads seem to be recommending that I run OTL so here are the results of the quick scan.

    OTL.txt:


    OTL logfile created on: 16/08/2012 23:03:51 - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1014.37 Mb Total Physical Memory | 765.82 Mb Available Physical Memory | 75.50% Memory free
    2.39 Gb Paging File | 2.24 Gb Available in Paging File | 93.81% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.43 Gb Total Space | 37.67 Gb Free Space | 54.25% Space Free | Partition Type: NTFS

    Computer Name: DJ92P83J | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/16 23:00:55 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/08/06 23:13:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/14 01:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2008/06/04 13:28:52 | 000,345,376 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SiteAdvisor\6261\SAService.exe -- (SiteAdvisor Service)
    SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2007/01/10 00:46:34 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2006/11/03 00:34:00 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/08/25 01:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
    DRV - [2005/07/23 00:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2005/07/23 00:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE)
    DRV - [2005/07/23 00:40:58 | 000,013,440 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071114
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071114
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=1071114
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.msn.com/?pc=skyp&ocid=skydhp
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {672BBE22-9079-4D25-8928-CFDFB6954DA2}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{33B16219-9B0D-4F78-B1B6-1575E536F024}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKCU\..\SearchScopes\{672BBE22-9079-4D25-8928-CFDFB6954DA2}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/24 23:59:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/14 01:48:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 20:19:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/04 13:28:59 | 000,000,000 | ---D | M]

    [2012/07/23 20:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2012/07/23 20:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/14 01:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/14 01:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/14 01:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.190.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U19 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
    CHR - Extension: SiteAdvisor = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\

    O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120723222913.dll (McAfee, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [Logan_S2P] C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe ()
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKCU..\Run: [vhaynndngmfemxe] C:\Documents and Settings\All Users\Application Data\vhaynndn.exe ()
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F06AB72-DE69-4205-9457-F5D73B9E60C5}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C64DFA91-41A3-4746-97EF-0ABF1C02AE4C}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell - "" = AutoRun
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\autorun.bat
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/16 23:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2012/08/14 01:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl
    [2012/08/10 15:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2012/08/07 22:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2012/07/23 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
    [2012/07/23 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
    [2012/07/23 20:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/07/23 20:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/07/23 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [30 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/16 22:56:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/16 22:18:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BE7AC7F7-4E32-420E-8854-32A344E5ACCF}.job
    [2012/08/16 20:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/14 01:53:34 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ryydazpayivooox
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner\ms.exe
    [2012/08/14 01:53:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-571566390-892394377-1482031647-1003UA.job
    [2012/08/14 01:53:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-571566390-892394377-1482031647-1003Core.job
    [2012/08/13 19:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/13 14:35:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/08/13 14:35:53 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/13 14:33:50 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2012/08/13 14:33:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2012/08/09 21:57:58 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/08/09 21:57:57 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2012/08/07 22:57:41 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2012/08/07 16:05:29 | 000,014,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\r.jpg
    [2012/08/07 16:05:14 | 000,016,845 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\g.jpg
    [2012/08/02 23:40:13 | 000,015,316 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cin.jpg
    [2012/08/02 23:39:57 | 000,015,420 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\whim.jpg
    [2012/07/30 13:29:22 | 000,066,303 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rage.jpg
    [2012/07/29 14:39:58 | 000,018,647 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\net.jpg
    [2012/07/29 14:34:34 | 000,021,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bead.jpg
    [2012/07/28 23:40:36 | 000,047,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\caviar nails.jpg
    [2012/07/28 23:40:17 | 000,049,948 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wedding nails.jpg
    [2012/07/23 20:19:17 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/23 20:19:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/07/17 23:39:05 | 000,484,411 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Henry-Cavill-is-Zack-Snyders-Superman.png
    [30 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/14 01:53:33 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
    [2012/08/14 01:53:25 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ryydazpayivooox
    [2012/08/14 01:53:22 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Owner\ms.exe
    [2012/08/13 14:33:50 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2012/08/13 14:33:49 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2012/08/07 22:57:41 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2012/08/07 16:05:28 | 000,014,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\r.jpg
    [2012/08/07 16:05:10 | 000,016,845 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\g.jpg
    [2012/08/02 23:40:08 | 000,015,316 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cin.jpg
    [2012/08/02 23:39:54 | 000,015,420 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\whim.jpg
    [2012/07/30 13:29:19 | 000,066,303 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rage.jpg
    [2012/07/29 14:39:56 | 000,018,647 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\net.jpg
    [2012/07/29 14:34:32 | 000,021,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bead.jpg
    [2012/07/28 23:40:34 | 000,047,797 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\caviar nails.jpg
    [2012/07/28 23:40:13 | 000,049,948 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wedding nails.jpg
    [2012/07/23 20:35:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/07/23 20:19:17 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/23 20:19:17 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/07/23 20:19:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/17 23:39:21 | 000,484,411 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Henry-Cavill-is-Zack-Snyders-Superman.png
    [2012/03/07 16:43:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2009/09/27 17:08:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PreferencePane
    [2009/09/27 17:08:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Plugins
    [2009/09/27 17:08:09 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2009/03/27 15:07:23 | 000,010,496 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SmarThruOptions.xml
    [2008/01/29 13:49:50 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/01 17:19:56 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2009/09/27 17:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2009/02/17 12:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2009/09/27 17:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2012/08/14 01:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl
    [2009/09/27 17:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2012/06/19 12:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/27 17:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
    [2009/03/27 15:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmarThru4
    [2012/08/16 22:18:01 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BE7AC7F7-4E32-420E-8854-32A344E5ACCF}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\Updater:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\My Webs:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\IRISH AIR CORPS AIRCRAFT SINCE 1922:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\bank account tsb:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\Word Processing Exercises:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\maura:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\Here come the girls:Roxio EMC Stream

    < End of report >


    Extras.txt

    OTL Extras logfile created on: 16/08/2012 23:03:51 - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1014.37 Mb Total Physical Memory | 765.82 Mb Available Physical Memory | 75.50% Memory free
    2.39 Gb Paging File | 2.24 Gb Available in Paging File | 93.81% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.43 Gb Total Space | 37.67 Gb Free Space | 54.25% Space Free | Partition Type: NTFS

    Computer Name: DJ92P83J | User Name: Owner | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6FFBEAEA-312A-4C3F-AE8A-87E0ABA51033}" = Nero 7 Essentials
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee Total Protection
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Philips Intelligent Agent_is1" = Philips Intelligent Agent
    "Samsung SCX-4500 Series" = Samsung SCX-4500 Series
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 2.0.3
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 4.20 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:54 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:00:55 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:01:00 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 16/08/2012 16:01:00 | Computer Name = DJ92P83J | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 16/08/2012 17:58:50 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:50 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:50 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:58:51 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
    arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    Error - 16/08/2012 17:59:13 | Computer Name = DJ92P83J | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


    < End of report >



    Any help would be greatly appreciated.

    Thanks,
    nkay.


Comments

  • Registered Users, Registered Users 2 Posts: 36,095 ✭✭✭✭ED E


    I cleared one of these recently by using safe mode and MSCONFIG to remove start items. Took all of ten seconds.


    If that doesn't work then try a kasp live disk: burn, boot, update, scan, delete, done.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL, then copy and paste this into the custom scan/fixes box:



    :OTL
    O4 - HKCU..\Run: [vhaynndngmfemxe] C:\Documents and Settings\All Users\Application Data\vhaynndn.exe ()
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell - "" = AutoRun
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\Shell\AutoRun\command - "" = E:\autorun.bat
    [2012/08/14 01:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl
    [30 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2012/08/14 01:53:34 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ryydazpayivooox
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
    [2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner\ms.exe

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run Fix, reboot the PC and post the log it gives you.



    Then try to update MBAM now. If it works (it should), do a quick scan and post the log from that.
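
The fix list above picks out a small cluster of files from a long OTL listing. The following is an added triage example, not part of any poster's reply and not OTL's own logic: it parses OTL file-listing lines, treats executables with no company name under the user-profile tree as seeds, and then pulls in other no-company items in the same tree that were touched within a short time of a seed. The 60-second window, the extension list and the profile-root test are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Lines copied from the OTL quick-scan log posted in this thread.
SAMPLE_LOG = r"""
[2012/08/14 01:53:34 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ryydazpayivooox
[2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
[2012/08/14 01:53:22 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Owner\ms.exe
[2012/08/14 01:53:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-571566390-892394377-1482031647-1003UA.job
[2012/08/13 14:35:53 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/07 16:05:29 | 000,014,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\r.jpg
[2012/08/14 01:53:33 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vhaynndn.exe
[2012/03/07 16:43:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/09/27 17:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/08/14 01:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Directory lines carry no "(company)" field at all, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) "
    r"\| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumptions for this example, not values taken from OTL.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".pif"}
PROFILE_ROOT = PureWindowsPath(r"C:\Documents and Settings")  # Windows XP profile tree


def parse_entries(text):
    """Turn OTL file-listing lines into dicts; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "is_dir": "D" in m["attrs"],
            "company": m["company"],  # "" = file without company name, None = no field
            "path": PureWindowsPath(m["path"]),
        })
    return entries


def in_profile(path):
    """True if the path lies under the profile tree (comparison is case-insensitive)."""
    return PROFILE_ROOT in path.parents


def triage(text, window_s=60):
    """Return (seed_paths, related_paths), each a sorted list of unique paths."""
    # Only items with no company name inside the profile tree are candidates;
    # this is what keeps the GoogleUpdate .job and System32 DLL out of the result.
    candidates = [e for e in parse_entries(text)
                  if in_profile(e["path"]) and not e["company"]]
    seeds = [e for e in candidates
             if not e["is_dir"] and e["path"].suffix.lower() in EXECUTABLE_EXTS]
    seed_paths = {str(e["path"]) for e in seeds}

    related = set()
    for e in candidates:
        p = str(e["path"])
        if p in seed_paths:
            continue
        # Same place, same minute: likely dropped by the same installer run.
        if any(abs((e["when"] - s["when"]).total_seconds()) <= window_s for s in seeds):
            related.add(p)
    return sorted(seed_paths), sorted(related)


if __name__ == "__main__":
    seeds, related = triage(SAMPLE_LOG)
    print("Review first:", *seeds, sep="\n  ")
    print("Touched at the same time:", *related, sep="\n  ")
```

The output is a review list, not a verdict: each path still needs to be checked against the startup entries in the main OTL log before anything is quarantined.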


  • Registered Users, Registered Users 2 Posts: 6,950 ✭✭✭nkay1985


    Having run the fix, am I o.k. to boot into Windows normally?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    yeah


  • Registered Users, Registered Users 2 Posts: 6,950 ✭✭✭nkay1985


    Here's the log after the reboot following the OTL fix:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vhaynndngmfemxe deleted successfully.
    C:\Documents and Settings\All Users\Application Data\vhaynndn.exe moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f680f2-316b-11dd-a18d-001c23b1c8c7}\ not found.
    File E:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc52df9e-a752-11dc-a149-001c23b1c8c7}\ not found.
    File E:\autorun.bat not found.
    C:\Documents and Settings\All Users\Application Data\oceybihfgbwpfhl folder moved successfully.
    C:\LOG10.tmp deleted successfully.
    C:\LOG11.tmp deleted successfully.
    C:\LOG12.tmp deleted successfully.
    C:\LOG13.tmp deleted successfully.
    C:\LOG14.tmp deleted successfully.
    C:\LOG15.tmp deleted successfully.
    C:\LOG16.tmp deleted successfully.
    C:\LOG17.tmp deleted successfully.
    C:\LOG18.tmp deleted successfully.
    C:\LOG19.tmp deleted successfully.
    C:\LOG1A.tmp deleted successfully.
    C:\LOG1B.tmp deleted successfully.
    C:\LOG1D.tmp deleted successfully.
    C:\LOG27.tmp deleted successfully.
    C:\LOG2D.tmp deleted successfully.
    C:\LOG3.tmp deleted successfully.
    C:\LOG30.tmp deleted successfully.
    C:\LOG31.tmp deleted successfully.
    C:\LOG3A.tmp deleted successfully.
    C:\LOG4.tmp deleted successfully.
    C:\LOG5.tmp deleted successfully.
    C:\LOG6.tmp deleted successfully.
    C:\LOG7.tmp deleted successfully.
    C:\LOG8.tmp deleted successfully.
    C:\LOG9.tmp deleted successfully.
    C:\LOGB.tmp deleted successfully.
    C:\LOGC.tmp deleted successfully.
    C:\LOGD.tmp deleted successfully.
    C:\LOGE.tmp deleted successfully.
    C:\LOGF.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\msxml6.dll.tmp deleted successfully.
    C:\WINDOWS\002680_.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ryydazpayivooox moved successfully.
    File C:\Documents and Settings\All Users\Application Data\vhaynndn.exe not found.
    C:\Documents and Settings\Owner\ms.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 32768 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 32768 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 267656 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 65263415 bytes
    ->Temporary Internet Files folder emptied: 27477857 bytes
    ->Java cache emptied: 35453 bytes
    ->FireFox cache emptied: 62656164 bytes
    ->Google Chrome cache emptied: 444312927 bytes
    ->Flash cache emptied: 14216 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109811673 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4036664355 bytes

    Total Files Cleaned = 4,527.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Unable to start System Restore Service. Error code 10
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.57.0 log created on 08172012_151034

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users, Registered Users 2 Posts: 6,950 ✭✭✭nkay1985


    MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.17.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: DJ92P83J [administrator]

    Protection: Enabled

    17/08/2012 15:20:03
    mbam-log-2012-08-17 (15-20-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209154
    Time elapsed: 11 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Clear, it seems.

    Thanks a lot.


  • Registered Users, Registered Users 2 Posts: 344 ✭✭ikeano29


    ED E wrote: »
    I cleared one of these recently by using safe mode and MSCONFIG to remove start items. Took all of ten seconds.


    If that doesn't work then try a kasp live disk: burn, boot, update, scan, delete, done.

    You stopped the splash screen from running is all you did, you didn't actually remove the real threat.


  • Closed Accounts Posts: 5,835 ✭✭✭Torqay


    OT: Had two "victims" last week, a retired Garda and the other guy rang up the local barracks, asking if he could pay cash since he didn't have a credit card. :D


  • Registered Users, Registered Users 2 Posts: 6,167 ✭✭✭ZENER


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    That's a lot of AV software, isn't it? Machine must be very slow?

    Ken


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    That's just a registry setting, it's not a list of currently installed or previously installed AV programs. I have the exact same one, I'd hazard a guess you do too.


  • Registered Users, Registered Users 2 Posts: 6,167 ✭✭✭ZENER


    Doubt it ;) I use a Mac.

    Just to say though, I always find your posts very informative. Though I haven't had cause to use any of your tips here I do appreciate the time you take to help those that do.

    Ken


  • Registered Users, Registered Users 2 Posts: 659 ✭✭✭yenom


    Just got this, I'm able to log on using another user on the PC. Just ran full Malware and Anti Virus, hope this works.


  • Registered Users, Registered Users 2 Posts: 1,085 ✭✭✭Hedgecutter


    OTL has not worked. I scanned, copied and pasted the notebook into the fix window and ran fix.

    Bloody thing still there. Am I missing something?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    This isn't a universal fix, it changes for all machines. Let's try this instead

    download and run combofix, post the log from it

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


  • Registered Users, Registered Users 2 Posts: 295 ✭✭Anthonyk2010


    ASJ112 wrote: »
    This isn't a universal fix, it changes for all machines. Let's try this instead

    download and run combofix, post the log from it

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Ok I'll give that a go. Why do I need to post the log?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    so I can remove any malware that is left over on your PC


  • Registered Users, Registered Users 2 Posts: 1,085 ✭✭✭Hedgecutter


    Downloading ComboFix now, will post list when I have it.


  • Registered Users, Registered Users 2 Posts: 1,085 ✭✭✭Hedgecutter


    ComboFix 12-09-15.02 - Anthony 16/09/2012 19:16:14.2.1 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.1788.883 [GMT 1:00]
    Running from: c:\users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVGUHKBQ\ComboFix.exe
    AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
    FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
    SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\BFlix\BFLIx.dll
    c:\program files (x86)\Incredibar.com
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
    c:\programdata\100
    c:\programdata\gzewdejt.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-16 18:25 . 2012-09-16 18:25 d-----w- c:\users\Public\AppData\Local\temp
    2012-09-16 18:25 . 2012-09-16 18:25 d-----w- c:\users\Default\AppData\Local\temp
    2012-09-16 18:25 . 2012-09-16 18:25 d-----w- c:\users\Administrator\AppData\Local\temp
    2012-09-16 17:38 . 2012-09-16 17:58 d-----w- C:\rei
    2012-09-16 17:38 . 2012-09-16 17:38 d-----w- c:\program files\Reimage
    2012-09-16 17:37 . 2012-09-16 17:38 d-----w- c:\program files (x86)\ReImageCompanion
    2012-09-16 15:51 . 2012-09-16 15:51 d-----w- C:\_OTL
    2012-09-16 10:26 . 2012-09-16 10:26 d-----w- c:\programdata\dciepjphdmrmncs
    2012-09-12 19:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 19:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 19:30 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 19:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 19:30 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 19:30 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 19:30 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-07 09:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-07 09:55 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-07 08:28 . 2012-09-07 08:28 d-----w- c:\users\Anthony\AppData\Roaming\ImgBurn
    2012-09-07 08:22 . 2012-09-07 08:22 d-----w- c:\program files (x86)\ImgBurn
    2012-09-01 11:09 . 2012-09-07 06:31 d-----w- c:\users\Anthony\AppData\Roaming\uTorrent us1
    2012-08-28 18:55 . 2012-08-28 18:54 111064 ----a-w- c:\windows\system32\BgGamingMonitor.dll
    2012-08-28 18:55 . 2012-08-28 18:54 100216 ----a-w- c:\windows\SysWow64\BgGamingMonitor.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-12 20:15 . 2011-05-12 19:26 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-07 16:04 . 2010-11-29 22:47 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-29 15:38 . 2012-03-29 16:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-29 15:38 . 2011-05-18 20:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-16 17:24 . 2012-08-16 17:25 54624 ----a-w- c:\windows\SysWow64\BGLsp.dll
    2012-08-16 17:24 . 2012-08-16 17:25 63840 ----a-w- c:\windows\system32\BGLsp.dll
    2012-07-18 18:15 . 2012-08-16 18:16 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-04 22:16 . 2012-08-16 18:24 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-16 18:24 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-16 18:24 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-16 18:24 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-22 12:53 . 2010-10-12 10:04 38528 ----a-r- c:\windows\system32\drivers\Afw.sys
    2012-06-22 12:52 . 2010-10-12 10:04 445568 ----a-r- c:\windows\system32\drivers\AfwCore.sys
    2012-06-20 08:42 . 2012-06-20 08:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-15_22.12.17 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-05-12 19:40 . 2009-09-04 16:44 69464 c:\windows\SysWOW64\XAPOFX1_3.dll
    + 2012-02-14 21:04 . 2009-09-04 17:44 69464 c:\windows\SysWOW64\XAPOFX1_3.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 51024 c:\windows\SysWOW64\vcomp100.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 66856 c:\windows\SysWOW64\SynTPEnhPS.dll
    + 2012-03-03 10:28 . 2003-01-26 13:41 40960 c:\windows\SysWOW64\ssubtmr6.dll
    + 2012-07-16 19:28 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
    - 2011-07-02 20:57 . 2010-11-20 12:08 96768 c:\windows\SysWOW64\sspicli.dll
    + 2012-08-16 18:27 . 2012-05-05 07:46 43008 c:\windows\SysWOW64\srclient.dll
    - 2009-07-13 23:23 . 2009-07-14 01:16 43008 c:\windows\SysWOW64\srclient.dll
    + 2012-03-08 17:50 . 2012-03-08 17:50 49016 c:\windows\SysWOW64\sirenacm.dll
    - 2011-05-13 15:03 . 2011-05-13 15:03 49016 c:\windows\SysWOW64\sirenacm.dll
    - 2011-07-02 20:57 . 2010-11-20 12:21 22016 c:\windows\SysWOW64\secur32.dll
    + 2012-07-16 19:28 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
    + 2012-06-04 14:21 . 2006-10-19 23:10 80024 c:\windows\SysWOW64\PICSDK.dll
    + 2012-01-11 20:14 . 2011-11-19 14:01 67072 c:\windows\SysWOW64\packager.dll
    + 2012-08-16 18:24 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
    + 2009-01-22 02:12 . 2009-01-22 02:12 88904 c:\windows\SysWOW64\msxml4r.dll
    + 2012-08-19 17:12 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
    + 2012-08-19 17:12 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 81744 c:\windows\SysWOW64\mfcm100u.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 81744 c:\windows\SysWOW64\mfcm100.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 60752 c:\windows\SysWOW64\mfc100rus.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 43344 c:\windows\SysWOW64\mfc100kor.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 62288 c:\windows\SysWOW64\mfc100ita.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 64336 c:\windows\SysWOW64\mfc100fra.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 63824 c:\windows\SysWOW64\mfc100esn.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 55120 c:\windows\SysWOW64\mfc100enu.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 64336 c:\windows\SysWOW64\mfc100deu.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 36176 c:\windows\SysWOW64\mfc100cht.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 36176 c:\windows\SysWOW64\mfc100chs.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-08-19 17:12 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-06-04 14:21 . 2004-03-03 05:10 21390 c:\windows\SysWOW64\EPPICPattern5.dat
    + 2012-06-04 14:21 . 2004-03-03 05:10 11811 c:\windows\SysWOW64\EPPICPattern4.dat
    + 2012-06-04 14:21 . 2004-03-03 05:10 24903 c:\windows\SysWOW64\EPPICPattern3.dat
    + 2012-06-04 14:21 . 2004-03-03 05:10 20148 c:\windows\SysWOW64\EPPICPattern2.dat
    + 2012-06-04 14:21 . 2004-03-03 05:10 31053 c:\windows\SysWOW64\EPPICPattern131.dat
    + 2012-06-04 14:21 . 2004-03-03 05:10 27417 c:\windows\SysWOW64\EPPICPattern121.dat
    + 2012-06-04 14:21 . 2004-03-03 05:10 26154 c:\windows\SysWOW64\EPPICPattern1.dat
    + 2012-06-04 14:21 . 2006-10-30 23:10 71840 c:\windows\SysWOW64\EPPicMgr.dll
    + 2011-08-30 23:05 . 2011-08-30 23:05 73064 c:\windows\SysWOW64\dnssd.dll
    - 2011-07-12 10:20 . 2011-07-12 10:20 73064 c:\windows\SysWOW64\dnssd.dll
    - 2011-07-12 10:20 . 2011-07-12 10:20 83816 c:\windows\SysWOW64\dns-sd.exe
    + 2011-08-30 23:05 . 2011-08-30 23:05 83816 c:\windows\SysWOW64\dns-sd.exe
    - 2009-07-14 04:54 . 2011-11-11 14:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-09-12 19:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-11 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-12 19:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-12 19:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-11 14:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-06-21 18:58 . 2012-06-02 22:19 44056 c:\windows\system32\wups2.dll
    + 2012-06-21 18:57 . 2012-06-02 22:19 38424 c:\windows\system32\wups.dll
    + 2012-06-21 18:57 . 2012-06-02 22:15 99840 c:\windows\system32\wudriver.dll
    + 2012-06-21 18:58 . 2012-06-02 22:19 57880 c:\windows\system32\wuauclt.exe
    + 2012-06-21 18:57 . 2012-06-02 14:15 36864 c:\windows\system32\wuapp.exe
    - 2011-07-02 20:57 . 2010-11-20 13:25 36864 c:\windows\system32\wuapp.exe
    + 2009-08-22 09:34 . 2012-09-16 15:55 77784 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-09-16 15:55 70152 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-23 21:33 . 2012-09-16 15:55 22178 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1632850937-2603528192-2068011120-1000_UserData.bin
    + 2011-06-11 01:15 . 2011-06-11 01:15 57168 c:\windows\system32\vcomp100.dll
    - 2011-07-02 20:58 . 2010-11-20 13:27 29184 c:\windows\system32\sspisrv.dll
    + 2012-01-28 13:21 . 2011-11-17 06:35 29184 c:\windows\system32\sspisrv.dll
    + 2009-08-22 10:47 . 2009-02-27 03:42 66440 c:\windows\system32\spool\drivers\x64\msonpui.dll
    - 2011-07-02 20:58 . 2010-11-20 13:27 28160 c:\windows\system32\secur32.dll
    + 2012-01-28 13:21 . 2011-11-17 06:35 28160 c:\windows\system32\secur32.dll
    - 2011-07-02 20:59 . 2010-11-20 13:27 77312 c:\windows\system32\rdpwsx.dll
    + 2012-06-16 08:04 . 2012-04-26 05:41 77312 c:\windows\system32\rdpwsx.dll
    + 2012-01-11 20:14 . 2011-11-19 14:58 77312 c:\windows\system32\packager.dll
    + 2012-08-19 17:12 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
    + 2012-08-19 17:12 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 93008 c:\windows\system32\mfcm100u.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 93008 c:\windows\system32\mfcm100.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 60752 c:\windows\system32\mfc100rus.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 43344 c:\windows\system32\mfc100kor.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 43856 c:\windows\system32\mfc100jpn.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 62288 c:\windows\system32\mfc100ita.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 64336 c:\windows\system32\mfc100fra.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 63824 c:\windows\system32\mfc100esn.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 55120 c:\windows\system32\mfc100enu.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 64336 c:\windows\system32\mfc100deu.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 36176 c:\windows\system32\mfc100cht.dll
    + 2011-06-11 01:15 . 2011-06-11 01:15 36176 c:\windows\system32\mfc100chs.dll
    + 2012-01-28 13:21 . 2011-11-17 06:33 31232 c:\windows\system32\lsass.exe
    - 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
    + 2011-12-24 23:39 . 2011-12-26 22:52 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    + 2012-08-19 17:12 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 85504 c:\windows\system32\jsproxy.dll
    + 2012-04-20 19:28 . 2012-03-01 06:33 81408 c:\windows\system32\imagehlp.dll
    + 2010-10-24 13:58 . 2011-11-16 17:16 84240 c:\windows\system32\GDIPFONTCACHEV1.DAT
    - 2010-10-24 13:58 . 2010-10-24 13:58 84240 c:\windows\system32\GDIPFONTCACHEV1.DAT
    + 2012-04-18 17:02 . 2012-03-08 17:40 48488 c:\windows\system32\DRVSTORE\fssfltr_F81BFAB31A96EBC51D97A2D005244F41BE442B43\fssfltr.sys
    - 2009-07-14 05:30 . 2011-09-12 17:32 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-09-13 19:34 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2012-02-15 10:01 . 2012-02-15 10:01 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaapl64.sys
    + 2011-10-14 03:35 . 2011-10-14 03:35 66856 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_b28b907efbdd0634\SynTPEnhPS32.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 58664 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_b28b907efbdd0634\SynTPEnhPS.dll
    + 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb8023x.sys
    + 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb80236.sys
    + 2012-09-12 19:31 . 2012-07-04 20:26 41472 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismpx.sys
    + 2012-09-12 19:31 . 2012-07-04 20:26 35840 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismp6.sys
    + 2011-05-10 07:06 . 2011-05-10 07:06 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\netaapl64.sys
    + 2011-11-12 11:18 . 2011-11-12 11:18 40320 c:\windows\system32\DriverStore\FileRepository\leapfrog-02-03-05-012-1373324.inf_amd64_neutral_8d32ba055a076abd\amd64\btblan.sys
    + 2009-10-09 21:22 . 2009-10-09 21:22 40320 c:\windows\system32\DriverStore\FileRepository\leapfrog-02-03-05-012-1373324.inf_amd64_neutral_0d528e379981ed05\amd64\btblan.sys
    + 2011-07-16 19:03 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
    + 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
    + 2012-02-15 10:01 . 2012-02-15 10:01 52736 c:\windows\system32\drivers\usbaapl64.sys
    + 2012-03-13 17:19 . 2012-02-17 04:57 23552 c:\windows\system32\drivers\tdtcp.sys
    - 2009-07-14 00:16 . 2009-07-14 00:16 23552 c:\windows\system32\drivers\tdtcp.sys
    + 2012-05-12 15:09 . 2012-03-17 07:58 75120 c:\windows\system32\drivers\partmgr.sys
    + 2011-07-01 13:57 . 2012-03-21 20:53 25160 c:\windows\system32\drivers\NSNetmon.sys
    - 2010-12-21 12:32 . 2011-07-01 13:53 25160 c:\windows\system32\drivers\NSNetmon.sys
    + 2012-07-16 19:28 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
    + 2012-04-18 17:02 . 2012-03-08 17:40 48488 c:\windows\system32\drivers\fssfltr.sys
    - 2011-05-12 19:47 . 2010-09-22 23:36 48488 c:\windows\system32\drivers\fssfltr.sys
    + 2012-04-20 19:28 . 2012-03-01 06:46 23408 c:\windows\system32\drivers\fs_rec.sys
    + 2009-10-09 21:22 . 2009-10-09 21:22 40320 c:\windows\system32\drivers\btblan.sys
    - 2011-07-12 10:34 . 2011-07-12 10:34 85864 c:\windows\system32\dnssd.dll
    + 2011-08-30 23:05 . 2011-08-30 23:05 85864 c:\windows\system32\dnssd.dll
    - 2011-07-12 10:34 . 2011-07-12 10:34 96104 c:\windows\system32\dns-sd.exe
    + 2011-08-30 23:05 . 2011-08-30 23:05 96104 c:\windows\system32\dns-sd.exe
    + 2011-12-15 20:35 . 2011-10-26 05:21 43520 c:\windows\system32\csrsrv.dll
    - 2009-07-13 23:19 . 2009-07-14 01:40 43520 c:\windows\system32\csrsrv.dll
    + 2009-10-20 08:54 . 2012-09-08 06:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-20 08:54 . 2011-09-13 15:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-20 08:54 . 2012-09-08 06:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-20 08:54 . 2011-09-13 15:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-09-13 15:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-08 06:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-28 13:44 . 2010-02-02 14:48 60416 c:\windows\system32\athihvui.dll
    - 2011-07-02 21:00 . 2010-11-20 13:25 67072 c:\windows\splwow64.exe
    + 2012-08-16 18:42 . 2012-02-11 06:36 67072 c:\windows\splwow64.exe
    + 2009-07-14 04:46 . 2012-09-16 09:48 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 04:46 . 2011-11-11 15:05 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-12-23 12:31 . 2011-09-12 17:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-23 12:31 . 2012-02-16 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-06 16:48 . 2011-04-06 16:48 11120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
    + 2011-12-15 13:01 . 2011-12-15 13:01 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
    - 2010-03-18 13:27 . 2010-03-18 13:27 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
    + 2011-05-17 10:08 . 2011-05-17 10:08 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
    + 2012-01-11 20:14 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
    + 2011-04-06 16:48 . 2011-04-06 16:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
    + 2011-12-15 12:08 . 2011-12-15 12:08 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    - 2010-03-18 12:16 . 2010-03-18 12:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
    + 2011-05-17 09:27 . 2011-05-17 09:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
    + 2012-01-11 20:14 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2012-06-16 09:55 . 2012-06-16 09:55 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    - 2011-08-10 18:30 . 2011-08-10 18:30 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    - 2011-08-10 18:30 . 2011-08-10 18:30 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-08-10 18:31 . 2011-08-10 18:31 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-08-10 18:30 . 2011-08-10 18:30 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-08-10 18:30 . 2011-08-10 18:30 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-06-16 09:55 . 2012-06-16 09:55 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-08-10 18:30 . 2011-08-10 18:30 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-08-10 18:30 . 2011-08-10 18:30 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-06-16 09:54 . 2012-06-16 09:54 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-08-10 18:30 . 2011-08-10 18:30 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-06-16 09:54 . 2012-06-16 09:54 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-04-18 16:59 . 2012-04-18 16:59 24576 c:\windows\Installer\3e0a48.msp
    + 2011-05-12 19:48 . 2011-05-12 19:48 56832 c:\windows\Installer\3e0a41.msi
    + 2012-04-18 16:59 . 2012-04-18 16:59 65536 c:\windows\Installer\3e0a36.msi
    + 2012-04-18 16:59 . 2012-04-18 16:59 30720 c:\windows\Installer\3e0a31.msp
    + 2011-05-12 19:48 . 2011-05-12 19:48 74240 c:\windows\Installer\3e0a2c.msi
    + 2012-04-18 16:59 . 2012-04-18 16:59 23552 c:\windows\Installer\3e0a27.msp
    + 2011-05-12 19:47 . 2011-05-12 19:47 29696 c:\windows\Installer\3e0a22.msi
    + 2012-04-18 16:59 . 2012-04-18 16:59 60416 c:\windows\Installer\3e0a1c.msp
    + 2012-04-18 16:59 . 2012-04-18 16:59 29184 c:\windows\Installer\3e09bd.msp
    + 2011-09-15 13:35 . 2011-09-15 13:35 67072 c:\windows\Installer\3e09b7.msi
    + 2012-04-18 16:56 . 2012-04-18 16:56 39936 c:\windows\Installer\3e07ee.msp
    + 2011-05-12 19:40 . 2011-05-12 19:40 74240 c:\windows\Installer\3e07e9.msi
    + 2012-04-18 16:56 . 2012-04-18 16:56 26112 c:\windows\Installer\3e07e0.msi
    + 2012-07-20 20:05 . 2012-07-20 20:05 25600 c:\windows\Installer\3731e0.msi
    + 2012-04-11 03:55 . 2012-04-11 03:55 41472 c:\windows\Installer\17a63ab.msi
    - 2011-09-15 14:02 . 2011-09-15 14:02 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
    + 2012-04-18 17:03 . 2012-04-18 17:03 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
    + 2012-08-16 19:15 . 2012-08-16 19:15 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2011-06-17 20:46 . 2011-06-17 20:46 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2009-08-22 10:48 . 2011-06-17 20:46 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-08-22 10:48 . 2012-08-16 19:16 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-08-22 10:48 . 2012-08-16 19:16 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-08-22 10:48 . 2011-06-17 20:46 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-08-22 10:48 . 2012-08-16 19:16 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-08-22 10:48 . 2011-06-17 20:46 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2011-06-17 20:46 . 2011-06-17 20:46 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2012-08-16 19:15 . 2012-08-16 19:15 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2012-01-16 22:13 . 2012-01-16 22:13 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2012-01-16 22:13 . 2012-01-16 22:13 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
    - 2009-08-22 10:24 . 2010-12-16 15:39 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
    + 2009-08-22 10:24 . 2012-04-20 19:40 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
    + 2012-05-30 19:06 . 2012-05-30 19:06 53608 c:\windows\Installer\$PatchCache$\Managed\C8FDA2211ADDC08499638CF882522B56\2.1.9\pthreadVC2.dll
    + 2012-05-30 19:06 . 2012-05-30 19:06 17256 c:\windows\Installer\$PatchCache$\Managed\C8FDA2211ADDC08499638CF882522B56\2.1.9\AppleVersions.dll
    + 2005-12-02 14:18 . 2005-12-02 14:18 29184 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\ResetFileTime.exe
    + 2009-10-14 13:24 . 2009-10-14 13:24 99976 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\HPDownload.exe
    + 2008-11-11 23:15 . 2008-11-11 23:15 16296 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\hpdom.wsf
    + 2012-01-03 09:45 . 2012-01-03 09:45 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\ViewerPS.dll
    + 2012-01-03 22:51 . 2012-01-03 22:51 37296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\reader_sl.exe
    + 2012-01-03 09:44 . 2012-01-03 09:44 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlr.dll
    + 2012-01-03 22:15 . 2012-01-03 22:15 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\eula.exe
    + 2012-01-03 21:52 . 2012-01-03 21:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrotextextractor.exe
    + 2012-01-03 08:19 . 2012-01-03 08:19 16824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32Info.exe
    + 2012-01-03 08:16 . 2012-01-03 08:16 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acroiehelpershim.dll
    + 2012-01-03 08:16 . 2012-01-03 08:16 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroIEHelper.dll
    + 2011-11-02 07:34 . 2011-11-02 07:34 92008 c:\windows\Installer\$PatchCache$\Managed\13E9CB1493D0E264E8C467B7123A1B3C\3.1.8\com.apple.DotMacSync.client_main.dll
    + 2011-11-02 07:34 . 2011-11-02 07:34 55144 c:\windows\Installer\$PatchCache$\Managed\13E9CB1493D0E264E8C467B7123A1B3C\3.1.8\com.apple.DotMacSync.client.exe
    + 2009-02-26 13:06 . 2009-02-26 13:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
    + 2009-02-26 13:06 . 2009-02-26 13:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
    + 2009-02-26 13:09 . 2009-02-26 13:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XLCALL32.DLL
    + 2009-02-26 18:43 . 2009-02-26 18:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
    + 2009-02-26 17:45 . 2009-02-26 17:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
    + 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
    + 2009-02-26 14:24 . 2009-02-26 14:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
    + 2009-02-26 14:24 . 2009-02-26 14:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
    + 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
    + 2009-04-02 12:01 . 2009-04-02 12:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
    + 2009-04-03 18:46 . 2009-04-03 18:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
    + 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
    + 2009-02-26 18:43 . 2009-02-26 18:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
    + 2009-02-26 17:45 . 2009-02-26 17:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
    + 2009-02-26 13:06 . 2009-02-26 13:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
    + 2009-02-26 13:06 . 2009-02-26 13:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
    + 2010-04-14 15:22 . 2010-04-14 15:22 16384 c:\windows\Hewlett-Packard\SystemDiags.dll
    - 2009-07-23 21:52 . 2009-07-23 21:52 16384 c:\windows\Hewlett-Packard\SystemDiags.dll
    + 2010-04-14 09:35 . 2010-04-14 09:35 36864 c:\windows\Hewlett-Packard\Installer.exe
    + 2012-05-13 10:44 . 2012-05-13 10:44 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll
    + 2012-05-13 10:44 . 2012-05-13 10:44 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\054fce9466c6cef615b2f7cc9ff4e7f8\System.Windows.Presentation.ni.dll
    + 2012-05-13 10:44 . 2012-05-13 10:44 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\ff78ec1b5bf38a8fb74c2d4f41bb308a\System.Web.ApplicationServices.ni.dll
    + 2012-05-13 10:39 . 2012-05-13 10:39 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\e144d0028365c62178eb0662911ac910\System.AddIn.Contract.ni.dll
    + 2012-05-13 10:30 . 2012-05-13 10:30 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\93295f3771dc9e5be2d49d5f5d76a7a6\Microsoft.VisualC.ni.dll
    + 2012-05-12 22:33 . 2012-05-12 22:33 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5ea625ce2d6c08687f70cb81a003a28b\dfsvc.ni.exe
    + 2012-05-12 22:33 . 2012-05-12 22:33 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\061cbee19075e086d675a9e1f65725d7\Accessibility.ni.dll
    + 2012-05-13 10:55 . 2012-05-13 10:55 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4add87007e0864467659e6a248a7fe06\UIAutomationProvider.ni.dll
    + 2012-05-13 10:59 . 2012-05-13 10:59 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\28caa2ab8a4999900321b653e8b6ddc1\System.Windows.Presentation.ni.dll
    + 2012-05-13 10:59 . 2012-05-13 10:59 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\4967f3e8b106851802f212e963bb8735\System.Web.ApplicationServices.ni.dll
    + 2012-05-13 10:59 . 2012-05-13 10:59 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll
    + 2012-05-13 10:56 . 2012-05-13 10:56 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a5c37bc9caf315df294f8b680a1ccd6f\System.AddIn.Contract.ni.dll
    + 2012-06-16 14:48 . 2012-06-16 14:48 67072 c:\windows\assembly\NativeImages_v4.0.30319_32\PHOTOfunSTUDIO\484494848cbd34505504dbdaefc8e36a\PHOTOfunSTUDIO.ni.exe
    + 2012-06-16 14:36 . 2012-06-16 14:36 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\PFAC\448339e515640c09589145952ae32f7f\PFAC.ni.exe
    + 2012-06-04 13:59 . 2012-06-04 13:59 10752 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.SMS.Exten#\e2f2f627980bf4e3ec17199e90b9ed08\Panasonic.SMS.Extension.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 23552 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Framework#\5dfa7dc72e99d8f6e03eb70e776a8dfb\Panasonic.Framework.Extension.ni.dll
    + 2012-06-16 14:33 . 2012-06-16 14:33 33280 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Spec#\f26beaea39d1d9ce2f55dfbebe21ec6f\Panasonic.Core.Spec.Plugin.StillPicture.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 29696 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Spec#\cb172b65c4431043bd69f88f4710e14d\Panasonic.Core.Spec.PluginFactory.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 91648 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Help#\94b064ae8fd1be2cb9c416d0af48ebc6\Panasonic.Core.Helper.UAC.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 95232 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Help#\14e17ed4e5176c526171c7c270a000d3\Panasonic.Core.Helper.AutoPlay.ni.dll
    + 2012-06-04 13:58 . 2012-06-04 13:58 17408 c:\windows\assembly\NativeImages_v4.0.30319_32\Panasonic.Core.Core#\0c2d0e01b95d177558b130fea4aa67ef\Panasonic.Core.CoreException.ni.dll
    + 2012-06-04 14:00 . 2012-06-04 14:00 83456 c:\windows\assembly\NativeImages_v4.0.30319_32\MovieRetouch\799e19a4c9421268c8ad6a2f3d68a524\MovieRetouch.ni.exe
    + 2012-05-13 10:54 . 2012-05-13 10:54 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\5ccc57bb582bf753166610089f204601\Microsoft.VisualC.ni.dll
    + 2012-06-04 14:00 . 2012-06-04 14:00 75776 c:\windows\assembly\NativeImages_v4.0.30319_32\Leadtools.Windows.M#\563a3ecd5e56ab502cee0a1712f56333\Leadtools.Windows.Media.TransitionBase.ni.dll
    + 2012-06-04 14:00 . 2012-06-04 14:00 17408 c:\windows\assembly\NativeImages_v4.0.30319_32\ApplicationFramewor#\452f6c90a52d10aa43e136ec81d51a43\ApplicationFramework.View.Effects.ni.dll
    + 2012-05-13 10:54 . 2012-05-13 10:54 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\414da765b5d5bb7fde97c0ea22de7d74\Accessibility.ni.dll
    + 2012-05-13 10:29 . 2012-05-13 10:29 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\fb4bc14964a1d415bdbe55b62ce73a52\System.Windows.Presentation.ni.dll
    + 2012-06-16 15:15 . 2012-06-16 15:15 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\eef76dd965ea0a8ae5fb0c734d84389c\System.Web.DynamicData.Design.ni.dll
    + 2012-05-13 10:28 . 2012-05-13 10:28 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\acd8bdefdcae0ce7c27b5ec016ef865c\System.Web.DynamicData.Design.ni.dll
    + 2012-05-13 10:18 . 2012-05-13 10:18 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\ee709a01b51c82626f4b2c1173f2db28\stdole.ni.dll
    + 2012-05-13 10:25 . 2012-05-13 10:25 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\78f495970511b726a0ca7b8119360e25\PresentationFontCache.ni.exe
    + 2012-05-13 09:59 . 2012-05-13 09:59 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\1a359e9b908a2565c546a8ca04b241c2\PresentationCFFRasterizer.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\9d57c4bbbc0b3243046fc7839da71b00\Microsoft.WSMan.Runtime.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d6578432220dbabf2b15027681327bf8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\66deb65a87750efddf62d1e0c0655352\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4b6402dc918e41b8de8c501f29833d91\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\28545d2b6a0aaef4aa168f9808603bc5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\1d8a17a2c1416a8ad4d6ad2a28b4c5fd\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
    + 2012-05-13 10:24 . 2012-05-13 10:24 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\0abc7256549c204f39af7dcc52c9e5d5\Microsoft.Windows.Diagnosis.SDHost.ni.dll
    + 2012-05-13 09:55 . 2012-05-13 09:55 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\3c3a6cce983114e7406e0a6e6116ecd8\Microsoft.VisualC.ni.dll
    + 2012-05-13 10:18 . 2012-05-13 10:18 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\6ab0575bf49b60fd4b697d47e1754072\Microsoft.MediaCenter.iTv.Hosting.ni.dll
    + 2012-05-13 10:20 . 2012-05-13 10:20 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\1569a004b1f41193818e3b3777f2c73d\LoadMxf.ni.exe
    + 2012-05-13 10:18 . 2012-05-13 10:18 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\3ee98e8b2084e27d65953bbd7e362bf8\ehiUPnP.ni.dll
    + 2012-05-13 10:18 . 2012-05-13 10:18 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\1cd9f92749d29b9fd61fcb1c4ae84294\ehiTVMSMusic.ni.dll
    + 2012-05-13 10:17 . 2012-05-13 10:17 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\0811f67973c32efb2bfad62a4a2592b5\dfsvc.ni.exe
    + 2012-05-13 09:59 . 2012-05-13 09:59 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\ae9311dcb0e713330a2a86b04cf361dc\Accessibility.ni.dll
    + 2012-06-16 14:07 . 2012-06-16 14:07 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\6f2890f46db84bc57f09b9e898dcc0e2\WindowsLiveWriter.ni.exe
    + 2012-05-13 10:47 . 2012-05-13 10:47 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b139a1cda26d066860aaa83ff1f0ff91\WindowsLive.Writer.Passport.ni.dll
    + 2012-05-13 10:06 . 2012-05-13 10:06 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
    + 2012-05-13 10:53 . 2012-05-13 10:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\66d750f3f8dde0cc865f921497ab3545\System.Windows.Presentation.ni.dll
    + 2012-06-16 14:21 . 2012-06-16 14:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
    + 2012-05-13 10:51 . 2012-05-13 10:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\543b0e12423bcec010bdd2ac27c5dc04\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-05-13 10:09 . 2012-05-13 10:09 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll
    + 2012-05-13 10:49 . 2012-05-13 10:49 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\d246780b91fd9f6393e85fb13bde94a6\stdole.ni.dll
    + 2012-05-13 10:51 . 2012-05-13 10:51 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\d24744f15243e28ea541a459ff7ff5d5\PresentationFontCache.ni.exe
    + 2012-05-13 10:06 . 2012-05-13 10:06 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
    + 2012-05-13 10:51 . 2012-05-13 10:51 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\87a30ba337ed55d0905f19742e2985bc\napcrypt.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\9f2e8e0df9ff39ad21088f1d66cfadb1\Microsoft.WSMan.Runtime.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d797123d55bb7b823120d0a7ffbbc2a7\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb8ad29814d9e5589bd400d38e7a0b10\Microsoft.Windows.Diagnosis.SDHost.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cb42a0f25b7608b2675080081b03f6e5\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\c6e9143be5afb36345875d56b61c444f\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\91767cf3facefe10e00734c815e925ad\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\66cd99d2f576cde047074e98bd5e1848\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
    + 2012-05-13 10:50 . 2012-05-13 10:50 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4308e1bdc640e1c3f1ea966e84e48900\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
    + 2012-05-13 10:46 . 2012-05-13 10:46 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\06fcf2fbbe38d9425fc49d935498ec93\Microsoft.Vsa.ni.dll
    + 2012-05-13 10:05 . 2012-05-13 10:05 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll
    + 2012-05-13 10:49 . 2012-05-13 10:49 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e3ef400b1f37e4d3b79a42a8a602ea02\Microsoft.Build.Framework.ni.dll
    + 2012-05-13 10:49 . 2012-05-13 10:49 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2095344bf8c40f8baa94ba53a993fb4c\Microsoft.Build.Framework.ni.dll
    + 2012-05-13 10:48 . 2012-05-13 10:48 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\dc93539af5a961641a26ada75f730136\ehiUserXp.ni.dll
    + 2012-05-13 10:46 . 2012-05-13 10:46 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\763299b8e4ac3c909c996e1eb37c5939\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
    + 2012-05-13 10:48 . 2012-05-13 10:48 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\53d03b0e238c77cf7e5ac88e02aecd2c\dfsvc.ni.exe
    + 2012-05-13 10:06 . 2012-05-13 10:06 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    + 2012-06-04 13:54 . 2012-06-04 13:54 10096 c:\windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\policy.3.5.System.Data.SqlServerCe.dll
    + 2012-06-04 13:54 . 2012-06-04 13:54 10096 c:\windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe.Entity\3.5.0.0__89845dcd8080cc91\policy.3.5.System.Data.SqlServerCe.Entity.dll
    + 2012-06-04 13:54 . 2012-06-04 13:54 92016 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.SqlServerCe.dll
    + 2012-03-03 09:05 . 2012-03-03 09:05 73728 c:\windows\assembly\GAC_MSIL\Google.GData.YouTube\1.9.0.0__af04a32718ae8833\Google.GData.YouTube.dll
    + 2012-03-03 09:05 . 2012-03-03 09:05 90112 c:\windows\assembly\GAC_MSIL\Google.GData.Extensions\1.9.0.0__0b4c5df2ebf20876\Google.GData.Extensions.dll
    + 2012-03-08 10:45 . 2012-03-08 10:45 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2012-03-08 10:45 . 2012-03-08 10:45 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2009-12-26 01:01 . 2009-12-26 01:01 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2009-07-14 00:19 . 2009-07-14 01:11 5120 c:\windows\SysWOW64\wmi.dll
    + 2012-04-20 19:28 . 2012-03-01 05:29 5120 c:\windows\SysWOW64\wmi.dll
    + 2011-12-15 20:30 . 2011-11-05 04:26 2048 c:\windows\SysWOW64\tzres.dll
    - 2011-08-24 19:54 . 2011-07-09 04:29 2048 c:\windows\SysWOW64\tzres.dll
    + 2012-07-16 19:28 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
    - 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
    + 2012-06-04 14:21 . 2004-03-03 05:10 4943 c:\windows\SysWOW64\EPPICPattern6.dat
    + 2012-04-20 19:28 . 2012-03-01 06:28 5120 c:\windows\system32\wmi.dll
    - 2009-07-14 00:41 . 2009-07-14 01:33 5120 c:\windows\system32\wmi.dll
    + 2010-03-30 18:46 . 2012-08-25 22:01 6946 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2009-10-20 08:25 . 2011-11-16 17:17 2894 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1632850937-2603528192-2068011120-500_UserData.bin
    - 2011-08-24 19:54 . 2011-07-09 05:26 2048 c:\windows\system32\tzres.dll
    + 2011-12-15 20:30 . 2011-11-05 05:32 2048 c:\windows\system32\tzres.dll
    + 2012-06-16 08:04 . 2012-04-26 05:34 9216 c:\windows\system32\rdrmemptylst.exe
    + 2012-07-16 19:28 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
    - 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
    - 2011-11-15 21:05 . 2011-11-15 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-16 16:24 . 2012-09-16 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-16 16:24 . 2012-09-16 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-11-15 21:05 . 2011-11-15 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-05-13 10:59 . 2012-05-13 10:59 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\5d0529cca67ada47749f5373ae050a4a\System.Xml.Serialization.ni.dll
    + 2012-05-13 10:54 . 2012-05-13 10:54 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\1361a05238cfe45d7da6cb4b367a986c\dfsvc.ni.exe
    - 2011-05-13 14:42 . 2011-05-13 14:42 302448 c:\windows\WLXPGSS.SCR
    + 2012-03-08 17:37 . 2012-03-08 17:37 302448 c:\windows\WLXPGSS.SCR
    + 2012-02-14 21:04 . 2009-09-04 17:44 515416 c:\windows\SysWOW64\XAudio2_5.dll
    - 2011-05-12 19:40 . 2009-09-04 16:44 515416 c:\windows\SysWOW64\XAudio2_5.dll
    + 2012-04-20 19:28 . 2012-03-01 05:37 172544 c:\windows\SysWOW64\wintrust.dll
    - 2011-07-02 21:00 . 2010-11-20 12:21 492032 c:\windows\SysWOW64\win32spl.dll
    + 2012-08-16 18:42 . 2012-02-11 05:43 492032 c:\windows\SysWOW64\win32spl.dll
    - 2011-07-02 21:00 . 2010-11-20 12:21 314880 c:\windows\SysWOW64\webio.dll
    + 2012-01-28 13:21 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll
    + 2012-08-19 17:12 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 231936 c:\windows\SysWOW64\url.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 107816 c:\windows\SysWOW64\SynTPCOM.dll
    - 2009-07-14 23:13 . 2009-07-14 23:13 107816 c:\windows\SysWOW64\SynTPCOM.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 222504 c:\windows\SysWOW64\SynCtrl.dll
    + 2011-10-14 03:35 . 2011-10-14 03:35 177448 c:\windows\SysWOW64\SynCOM.dll
    + 2012-07-16 19:28 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
    + 2012-03-13 17:19 . 2012-02-17 05:34 826880 c:\windows\SysWOW64\rdpcore.dll
    - 2009-07-14 00:05 . 2009-07-14 01:16 465408 c:\windows\SysWOW64\psisdecd.dll
    + 2011-11-16 01:15 . 2011-08-17 04:24 465408 c:\windows\SysWOW64\psisdecd.dll
    + 2012-06-04 14:21 . 2007-06-21 23:10 501912 c:\windows\SysWOW64\PICSDK2.dll
    + 2012-06-04 14:21 . 2006-10-19 23:10 108704 c:\windows\SysWOW64\PICEntry.dll
    + 2011-11-16 01:14 . 2011-08-27 04:26 571904 c:\windows\SysWOW64\oleaut32.dll
    - 2011-06-17 19:37 . 2011-02-25 05:34 571904 c:\windows\SysWOW64\oleaut32.dll
    + 2011-11-16 01:14 . 2011-08-27 04:26 233472 c:\windows\SysWOW64\oleacc.dll
    - 2009-07-13 23:26 . 2009-07-14 01:16 233472 c:\windows\SysWOW64\oleacc.dll
    + 2012-02-16 16:25 . 2012-01-04 08:58 442880 c:\windows\SysWOW64\ntshrui.dll
    - 2011-07-02 20:59 . 2010-11-20 12:20 442880 c:\windows\SysWOW64\ntshrui.dll
    - 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-07-16 19:28 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
    + 2012-02-16 16:21 . 2011-12-16 07:52 690688 c:\windows\SysWOW64\msvcrt.dll
    - 2009-07-13 23:12 . 2009-07-14 01:15 690688 c:\windows\SysWOW64\msvcrt.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 773968 c:\windows\SysWOW64\msvcr100.dll
    + 2011-06-11 01:58 . 2011-06-11 01:58 421200 c:\windows\SysWOW64\msvcp100.dll
    + 2012-08-29 15:38 . 2012-08-29 15:38 690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    + 2012-08-29 15:38 . 2012-08-29 15:38 474824 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
    + 2012-08-16 18:50 . 2012-08-16 18:50 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
    + 2012-03-29 16:18 . 2012-08-29 15:38 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2012-08-19 17:12 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
    - 2011-07-02 12:52 . 2011-05-04 03:52 157472 c:\windows\SysWOW64\javaws.exe
    + 2012-01-28 18:45 . 2012-01-28 18:45 157472 c:\windows\SysWOW64\javaws.exe
    - 2011-07-02 12:52 . 2011-05-04 03:52 145184 c:\windows\SysWOW64\javaw.exe
    + 2012-01-28 18:45 . 2012-01-28 18:45 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-07-02 12:52 . 2011-05-04 03:52 145184 c:\windows\SysWOW64\java.exe
    + 2012-01-28 18:45 . 2012-01-28 18:45 145184 c:\windows\SysWOW64\java.exe
    + 2011-11-16 01:12 . 2011-07-27 04:27 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
    - 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
    + 2012-04-20 19:28 . 2012-03-01 05:33 159232 c:\windows\SysWOW64\imagehlp.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-19 17:12 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2012-08-19 17:12 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
    - 2011-09-12 17:08 . 2011-09-12 17:08 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-06-04 14:21 . 2006-10-30 23:10 120992 c:\windows\SysWOW64\EpPicPrt.dll
    + 2012-06-04 14:21 . 2005-05-31 23:20 111932 c:\windows\SysWOW64\EPPICPrinterDB.dat
    + 2011-12-15 20:30 . 2011-10-15 05:38 534528 c:\windows\SysWOW64\EncDec.dll
    - 2011-03-08 21:30 . 2010-12-23 05:54 534528 c:\windows\SysWOW64\EncDec.dll
    - 2011-07-02 12:52 . 2011-05-04 03:52 472808 c:\windows\SysWOW64\deployJava1.dll
    + 2011-07-02 12:52 . 2012-01-28 18:45 472808 c:\windows\SysWOW64\deployJava1.dll


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    delete this folder in bold

    c:\programdata\dciepjphdmrmncs


    then we are all done unless there are any issues.


  • Registered Users, Registered Users 2 Posts: 1,085 ✭✭✭Hedgecutter


    ASJ112 wrote: »
    delete this folder in bold

    c:\programdata\dciepjphdmrmncs


    then we are all done unless there are any issues.

    Cheers ASJ112


  • Registered Users, Registered Users 2 Posts: 295 ✭✭Anthonyk2010


    ASJ112 wrote: »
    delete this folder in bold

    c:\programdata\dciepjphdmrmncs


    then we are all done unless there are any issues.

    Working like a dream again ASJ. Thank you.
    How do you know which folder it was?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Well, it was a few different files/folders that were deleted during the process; that was just a leftover entry. Randomly named files/folders are often malware-related.
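
The rule of thumb in the post above (randomly named folders are often malware-related) can be turned into a quick triage check over a directory listing. This is an added example, not part of the original thread; the thresholds, function names and sample listing are assumptions, and only the name `dciepjphdmrmncs` comes from the thread.

```python
import os

VOWELS = set("aeiou")
# Thresholds are assumptions chosen for this example, not established cut-offs.
MIN_LEN = 8
MAX_VOWEL_RATIO = 0.2
MIN_CONSONANT_RUN = 5

def vowel_ratio(name):
    """Fraction of characters that are vowels (name is lowercase letters)."""
    return sum(c in VOWELS for c in name) / len(name)

def longest_consonant_run(name):
    """Length of the longest unbroken run of non-vowel letters."""
    best = run = 0
    for c in name:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best

def looks_random(name):
    """True for long, letters-only names that do not read like words."""
    n = name.lower()
    if len(n) < MIN_LEN or not (n.isascii() and n.isalpha()):
        # Names with spaces, digits or dots are skipped, so random names
        # containing digits are a known blind spot of this heuristic.
        return False
    return (vowel_ratio(n) < MAX_VOWEL_RATIO
            or longest_consonant_run(n) >= MIN_CONSONANT_RUN)

def review_candidates(names):
    """Filter a list of folder names down to the ones worth a manual look."""
    return [n for n in names if looks_random(n)]

def scan(root):
    """Names of the subdirectories of root that look random."""
    with os.scandir(root) as it:
        return review_candidates(sorted(e.name for e in it if e.is_dir()))

# Constructed listing of a ProgramData directory; only the second
# name appears in the thread.
SAMPLE = ["Microsoft", "dciepjphdmrmncs", "Malwarebytes",
          "Package Cache", "Synaptics", "Adobe"]

if __name__ == "__main__":
    for name in review_candidates(SAMPLE):
        print("review:", name)
```

A hit is a lead for manual review rather than a verdict: check the folder's creation time and contents against the infection date before deleting anything.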


  • Registered Users, Registered Users 2 Posts: 295 ✭✭Anthonyk2010


    ASJ112 wrote: »
    Well, it was a few different files/folders that were deleted during the process; that was just a leftover entry. Randomly named files/folders are often malware-related.

    Thanks again. Appreciate your help.

