vicisaran

Members
  • Content count

    23
  • Joined

  • Last visited

About vicisaran

  • Rank
    New Member
  1. Here is the Extras.Txt log: OTL Extras logfile created on: 8/22/2012 8:14:56 PM - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Victor\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 71.10% Memory free 7.60 Gb Paging File | 5.95 Gb Available in Paging File | 78.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452.58 Gb Total Space | 283.07 Gb Free Space | 62.55% Space Free | Partition Type: NTFS Computer Name: VICTOR-PC | User Name: Victor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl[@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BA9CF43-267F-4DA6-8B7B-9E7CB10981F6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6A1F2482-A969-444B-BAC4-D40AC9D2DD68}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{210C2287-7277-4032-9D84-EBEE9835DECF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7A8025D2-D8F6-4805-A09D-5AFE813725A0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{8E9E864D-DB5A-4835-B29A-4AD1E723A7BD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{964EFD39-49E9-4435-9346-07ACF7D7CC18}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{99F0D604-086D-4EE4-910D-32A289FFF709}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{A0994ADE-855D-4B92-A308-BDC0A25DB2FD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{BFA3EA71-55DD-400C-8A07-2D60423C694D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DC5C4C5C-F17A-4336-A26C-570AA9C8A5DD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "TCP Query User{144FF054-8101-455C-A137-3A55102D44B7}C:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe | "TCP Query User{18A033BC-88B9-4B87-9661-CD67C652D1E1}C:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=6 | dir=in | app=c:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe | "TCP Query User{9141A79E-0CED-49BC-B9AF-B09546D3D321}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{1C20B207-A4E1-4713-9A00-24871ACB472A}C:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe | "UDP Query User{6842E96C-302A-4D08-B8E3-2E97307AA25E}C:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe" = protocol=17 | dir=in | app=c:\users\work\appdata\local\vghd\bin\virtuagirl_downloader.exe | "UDP Query User{C8543A4A-8620-4A49-9C03-5CA778DDDC0E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{78FADD33-5D93-4FB8-AC29-1D823C0574B8}" = ASPCA Reminder by We-Care.com v4.1.17.1 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor "Any Video Converter_is1" = Any Video Converter 3.4.0 "AVG Secure Search" = AVG Security Toolbar "BurnAware Free_is1" = BurnAware Free 5.0.1 "DVD Shrink_is1" = DVD Shrink 3.2 "ERUNT_is1" = ERUNT 1.1j "ESET Online Scanner" = ESET Online Scanner v3 "funmoods" = Funmoods Web Search "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Magic DVD Ripper_is1" = Magic DVD Ripper V7.0.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NortonPCCheckup" = Toshiba Laptop Checkup "Opera 12.00.1467" = Opera 12.00 "RealPlayer 15.0" = RealPlayer "TOSHIBA Game Console" = WildTangent ORB Game Console "VLC media player" = VLC media player 2.0.0 "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-bit) "WT088682" = Bejeweled 2 Deluxe "WT088696" = Chuzzle Deluxe "WT088750" = Jewel Quest - Heritage "WT088759" = Polar Bowler "WT089366" = Cake Mania - Lights, Camera, Action! "WT089368" = FATE - The Traitor Soul "WT089379" = Mystery P.I. - The London Caper "WT089381" = Slingo Supreme "WT089386" = Governor of Poker 2 Premium Edition "WT089395" = Plants vs. Zombies - Game of the Year "ZMatrix_is1" = ZMatrix 1.4.8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/19/2012 11:11:19 PM | Computer Name = Victor-PC | Source = Toshiba App Place | ID = 0 Description = Error - 8/20/2012 7:41:01 AM | Computer Name = Victor-PC | Source = Toshiba App Place | ID = 0 Description = Error - 8/20/2012 8:26:48 AM | Computer Name = Victor-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 8/20/2012 9:28:54 AM | Computer Name = Victor-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 8/20/2012 11:08:08 AM | Computer Name = Victor-PC | Source = Toshiba App Place | ID = 0 Description = Error - 8/20/2012 11:41:13 AM | Computer Name = Victor-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 8/20/2012 2:56:15 PM | Computer Name = Victor-PC | Source = Toshiba App Place | ID = 0 Description = Error - 8/21/2012 12:02:51 AM | Computer Name = Victor-PC | Source = Toshiba App Place | ID = 0 Description = Error - 8/21/2012 12:49:54 AM | Computer Name = Victor-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 8/21/2012 8:35:49 AM | Computer Name = Victor-PC | Source = Toshiba App Place | ID = 0 Description = [ System Events ] Error - 8/12/2012 2:51:13 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 2:45:58 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 6:44:28 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 6:43:01 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 6:50:00 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 6:46:20 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 7:45:49 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 7:43:53 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 7:53:21 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 7:50:13 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 8:45:45 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:44:15 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 8:47:32 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:45:45 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 9:05:13 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 9:02:26 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 9:07:51 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 9:06:30 PM on ?8/?12/?2012 was unexpected. Error - 8/12/2012 11:11:46 PM | Computer Name = Victor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 10:05:44 PM on ?8/?12/?2012 was unexpected. < End of report >
  2. [2012/07/27 12:18:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll [2012/07/27 12:18:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll [2012/07/27 12:02:24 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Toshiba [2012/07/27 12:02:23 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\TOSHIBA_Corporation [2012/07/27 12:00:17 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll [2012/07/27 12:00:17 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll [2012/07/27 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Toshiba [2012/07/27 11:57:58 | 000,000,000 | R--D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/07/27 11:57:58 | 000,000,000 | R--D | C] -- C:\Users\Victor\Searches [2012/07/27 11:57:58 | 000,000,000 | R--D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/07/27 11:57:58 | 000,000,000 | -H-D | C] -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/07/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Identities [2012/07/27 11:57:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Contacts [2012/07/27 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\VirtualStore [2012/07/27 11:56:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll [2012/07/27 11:56:41 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe [2012/07/27 11:56:41 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll [2012/07/27 11:56:41 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\WinBatch [2012/07/27 11:56:20 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll [2012/07/27 11:56:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll [2012/07/27 11:56:20 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll [2012/07/27 11:56:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll [2012/07/27 11:56:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\AppData\Local\Temporary Internet Files [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Templates [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Start Menu [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\SendTo [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Recent [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\PrintHood [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\NetHood [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Documents\My Videos [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Documents\My Pictures [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Documents\My Music [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\My Documents [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Local Settings [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\AppData\Local\History [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Cookies [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\Application Data [2012/07/27 11:55:47 | 000,000,000 | -HSD | C] -- C:\Users\Victor\AppData\Local\Application Data [2012/07/27 11:55:46 | 000,000,000 | --SD | C] -- C:\Users\Victor\AppData\Roaming\Microsoft [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Videos [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Saved Games [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Pictures [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Music [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Links [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Favorites [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Downloads [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Documents [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\Desktop [2012/07/27 11:55:46 | 000,000,000 | R--D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/07/27 11:55:46 | 000,000,000 | -H-D | C] -- C:\Users\Victor\AppData [2012/07/27 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Temp [2012/07/27 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Microsoft [2012/07/27 11:55:46 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Media Center Programs [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/22 20:11:24 | 000,735,882 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/08/22 20:11:24 | 000,630,420 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/08/22 20:11:24 | 000,109,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/08/22 20:11:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe [2012/08/22 20:08:40 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/22 20:08:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/22 14:40:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/21 18:44:17 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll [2012/08/21 18:44:07 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll [2012/08/21 18:44:07 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll [2012/08/21 18:44:06 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll [2012/08/20 14:40:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/08/20 14:40:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/20 11:16:38 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Victor\Desktop\install_flash_player.exe [2012/08/20 11:15:20 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/20 11:15:20 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/20 11:07:24 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys [2012/08/20 11:06:15 | 000,002,154 | ---- | M] () -- C:\windows\epplauncher.mif [2012/08/20 11:06:01 | 000,749,728 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012/08/20 10:01:24 | 012,621,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Victor\Desktop\mseinstall.exe [2012/08/18 12:38:39 | 000,999,840 | ---- | M] (Solid State Networks) -- C:\Users\Victor\Desktop\install_flashplayer11x32_mssd_aih.exe.part [2012/08/18 11:47:25 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/08/18 11:16:19 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Victor\Desktop\ComboFix.exe [2012/08/18 09:39:13 | 000,000,971 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMatrix.lnk [2012/08/17 11:12:08 | 000,364,448 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/08/16 22:19:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Victor\Desktop\dds.scr [2012/08/16 22:14:39 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Victor\Desktop\FSS.exe [2012/08/16 22:14:24 | 000,881,521 | ---- | M] () -- C:\Users\Victor\Desktop\SecurityCheck.exe [2012/08/12 21:15:13 | 000,139,264 | ---- | M] () -- C:\Users\Victor\Desktop\SystemLook.exe [2012/08/12 11:13:20 | 000,000,040 | RH-- | M] () -- C:\Users\Victor\Desktop\stinger.opt [2012/08/12 11:06:54 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys [2012/08/12 11:04:24 | 009,781,352 | ---- | M] (McAfee Inc.) -- C:\Users\Victor\Desktop\stinger.exe [2012/08/12 09:24:06 | 000,000,512 | ---- | M] () -- C:\Users\Victor\Desktop\MBR.dat [2012/08/12 09:21:38 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Victor\Desktop\tdsskiller.exe [2012/08/12 09:21:34 | 001,558,528 | ---- | M] () -- C:\Users\Victor\Desktop\RogueKiller.exe [2012/08/12 09:21:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Victor\Desktop\aswMBR.exe [2012/08/12 09:15:25 | 000,000,935 | ---- | M] () -- C:\Users\Victor\Desktop\NTREGOPT.lnk [2012/08/12 09:15:25 | 000,000,916 | ---- | M] () -- C:\Users\Victor\Desktop\ERUNT.lnk [2012/08/12 09:10:11 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Victor\Desktop\erunt-setup.exe [2012/08/06 18:51:10 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/07/31 00:51:20 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI [2012/07/29 08:29:45 | 000,000,198 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\burnaware.ini [2012/07/28 00:51:38 | 000,000,074 | ---- | M] () -- C:\windows\ZMatrixSS.ini [2012/07/27 20:25:05 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2012/07/27 20:25:05 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2012/07/27 20:25:05 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2012/07/27 20:16:39 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys [2012/07/27 17:24:36 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012/07/27 17:18:39 | 000,015,794 | ---- | M] () -- C:\windows\SysNative\results.xml [2012/07/27 14:54:50 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf [2012/07/27 14:54:50 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf [2012/07/27 13:05:22 | 000,001,448 | ---- | M] () -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/07/27 12:31:07 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2012/07/27 12:31:07 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll [2012/07/27 12:31:07 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll [2012/07/27 12:31:07 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll [2012/07/27 12:31:07 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2012/07/27 12:31:07 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe [2012/07/27 12:31:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2012/07/27 12:31:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll [2012/07/27 12:31:07 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe [2012/07/27 12:31:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat [2012/07/27 12:31:06 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2012/07/27 12:31:06 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec [2012/07/27 12:31:06 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll [2012/07/27 12:31:06 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll [2012/07/27 12:31:06 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe [2012/07/27 12:31:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe [2012/07/27 12:31:06 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll [2012/07/27 12:31:06 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll [2012/07/27 12:31:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll [2012/07/27 12:31:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2012/07/27 12:31:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe [2012/07/27 12:31:06 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf [2012/07/27 12:31:06 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll [2012/07/27 12:31:06 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx [2012/07/27 12:31:06 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll [2012/07/27 12:31:06 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2012/07/27 12:31:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll [2012/07/27 12:31:05 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll [2012/07/27 12:31:05 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2012/07/27 12:31:05 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2012/07/27 12:31:04 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat [2012/07/27 12:31:04 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2012/07/27 12:31:04 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2012/07/27 12:31:04 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec [2012/07/27 12:31:04 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2012/07/27 12:31:04 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll [2012/07/27 12:31:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll [2012/07/27 12:31:04 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll [2012/07/27 12:31:04 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll [2012/07/27 12:31:04 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll [2012/07/27 12:31:04 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll [2012/07/27 12:31:04 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll [2012/07/27 12:31:04 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2012/07/27 12:31:04 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll [2012/07/27 12:31:04 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe [2012/07/27 12:31:04 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2012/07/27 12:31:04 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2012/07/27 12:31:04 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll [2012/07/27 12:31:04 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx [2012/07/27 12:31:04 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf [2012/07/27 12:31:04 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll [2012/07/27 12:31:04 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll [2012/07/27 12:31:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll [2012/07/27 12:31:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2012/07/27 12:31:04 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll [2012/07/27 12:31:04 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe [2012/07/27 12:31:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe [2012/07/27 12:31:03 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/07/27 12:31:03 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/07/27 12:31:03 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe [2012/07/27 12:31:03 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe [2012/07/27 11:57:20 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/20 11:06:15 | 000,002,154 | ---- | C] () -- C:\windows\epplauncher.mif [2012/08/20 11:06:07 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/08/20 11:06:01 | 000,749,728 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012/08/18 12:15:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/08/18 11:35:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/08/18 11:35:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/08/18 11:35:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/08/18 11:35:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/08/18 11:35:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/08/18 09:39:13 | 000,000,971 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMatrix.lnk [2012/08/16 22:14:17 | 000,881,521 | ---- | C] () -- C:\Users\Victor\Desktop\SecurityCheck.exe [2012/08/12 21:15:13 | 000,139,264 | ---- | C] () -- C:\Users\Victor\Desktop\SystemLook.exe [2012/08/12 11:13:20 | 000,000,040 | RH-- | C] () -- C:\Users\Victor\Desktop\stinger.opt [2012/08/12 09:24:06 | 000,000,512 | ---- | C] () -- C:\Users\Victor\Desktop\MBR.dat [2012/08/12 09:21:30 | 001,558,528 | ---- | C] () -- C:\Users\Victor\Desktop\RogueKiller.exe [2012/08/12 09:15:25 | 000,000,935 | ---- | C] () -- C:\Users\Victor\Desktop\NTREGOPT.lnk [2012/08/12 09:15:25 | 000,000,916 | ---- | C] () -- C:\Users\Victor\Desktop\ERUNT.lnk [2012/08/06 18:51:10 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/08/01 09:31:22 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012/07/29 07:55:47 | 000,000,198 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\burnaware.ini [2012/07/28 00:51:38 | 000,000,074 | ---- | C] () -- C:\windows\ZMatrixSS.ini [2012/07/27 21:21:28 | 001,870,831 | ---- | C] () -- C:\Users\Victor\Documents\picture-574.jpg [2012/07/27 21:21:28 | 000,843,740 | ---- | C] () -- C:\Users\Victor\Documents\my_name_is_earl_joy_wedding.pdf [2012/07/27 21:21:28 | 000,078,971 | ---- | C] () -- C:\Users\Victor\Documents\profile (4).JPG [2012/07/27 21:21:28 | 000,042,730 | ---- | C] () -- C:\Users\Victor\Documents\profile (3).jpg [2012/07/27 21:21:28 | 000,019,247 | ---- | C] () -- C:\Users\Victor\Documents\profile (2).jpg [2012/07/27 21:21:27 | 002,122,528 | ---- | C] () -- C:\Users\Victor\Documents\Lamb - Christopher Moore.pdf [2012/07/27 21:21:27 | 001,142,848 | ---- | C] () -- C:\Users\Victor\Documents\Lamb - Christopher Moore.rtf [2012/07/27 21:21:27 | 000,555,958 | ---- | C] () -- C:\Users\Victor\Documents\greatdebate.pdf [2012/07/27 21:21:26 | 003,811,472 | ---- | C] () -- C:\Users\Victor\Documents\A Beautiful Mind.pdf [2012/07/27 21:21:26 | 003,616,058 | ---- | C] () -- C:\Users\Victor\Documents\Dreadfully Ever After - Steve Hockensmith.pdf [2012/07/27 21:21:26 | 003,030,473 | ---- | C] () -- C:\Users\Victor\Documents\Dawn of the Dreadfuls - Steve Hockensmith.pdf [2012/07/27 21:17:20 | 001,141,615 | ---- | C] () -- C:\Users\Victor\Documents\Zombieland.pdf [2012/07/27 21:17:20 | 001,035,761 | ---- | C] () -- C:\Users\Victor\Documents\semipro.pdf [2012/07/27 21:17:20 | 000,283,531 | ---- | C] () -- C:\Users\Victor\Documents\The_Hangover.pdf [2012/07/27 21:17:20 | 000,000,209 | ---- | C] () -- C:\Users\Victor\Documents\ui_redirect.pl [2012/07/27 20:15:14 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2012/07/27 19:52:56 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/07/27 17:24:36 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012/07/27 17:18:39 | 000,015,794 | ---- | C] () -- C:\windows\SysNative\results.xml [2012/07/27 17:11:11 | 3062,255,616 | -HS- | C] () -- C:\hiberfil.sys [2012/07/27 14:41:50 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NortonPCCheckupx64\0200050.03C\isolate.ini [2012/07/27 14:41:19 | 000,001,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk [2012/07/27 13:05:22 | 000,001,420 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012/07/27 13:05:18 | 000,001,448 | ---- | C] () -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/07/27 12:31:06 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf [2012/07/27 12:31:04 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf [2012/07/27 11:58:00 | 000,001,454 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/07/27 11:57:20 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys [2012/07/27 11:55:47 | 000,000,290 | ---- | C] () -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/07/27 11:55:47 | 000,000,272 | ---- | C] () -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %ALLUSERSPROFILE%\Application Data\*.dll /s > < %APPDATA%\*. > [2012/07/28 00:51:42 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\.ZMatrix [2012/07/28 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Adobe [2012/07/28 19:53:46 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\AnvSoft [2012/07/28 21:47:08 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Blackboard [2012/07/28 17:44:58 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Collaborate [2012/07/28 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Google [2012/07/27 11:57:48 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Identities [2012/07/27 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Macromedia [2012/07/27 20:10:32 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Malwarebytes [2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Media Center Programs [2012/08/12 09:02:01 | 000,000,000 | --SD | M] -- C:\Users\Victor\AppData\Roaming\Microsoft [2012/07/27 19:53:20 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Mozilla [2012/08/01 09:31:29 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Opera [2012/07/27 20:07:51 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Real [2012/08/18 10:50:00 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Skype [2012/08/04 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Tific [2012/07/27 12:02:24 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Toshiba [2012/08/17 14:02:52 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\vlc [2012/07/27 11:56:41 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\WinBatch [2012/07/27 20:09:30 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Victor\AppData\Roaming\Google\Google Talk\googletalk.exe [2012/07/28 17:37:39 | 000,079,367 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Google\Google Talk\uninstall.exe [2012/08/21 18:36:12 | 000,653,464 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Victor\AppData\Roaming\Real\RealPlayer\setup\AU_setup32.exe < %SYSTEMDRIVE%\*.exe > < c:|Fun4IM;true;true;true; /FP > < c:|Bandoo;true;true;true; /FP > < c:|Searchn;true;true;true; /FP > < c:|Searchq;true;true;true; /FP > < c:|datamngr;true;true;true; /FP > < c:|iLivid;true;true;true; /FP > < c:|whitesmoke;true;true;true; /FP > < c:|services;true;true;true; /FP > [2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- c:\Program Files\Common Files\Services [2012/08/18 12:15:57 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services [2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\Common Files\Services [2012/07/27 20:14:00 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\Microsoft Office\OFFICE11\1033\DataServices [2012/07/28 02:41:34 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery [2012/08/12 09:02:40 | 000,000,000 | ---D | M] -- c:\Users\Victor\AppData\Local\TOSHIBA_Corporation\ToshibaServiceStation.exe_Url_lidkhntuzcqftx1osnwucx1afj3bgluo [2012/08/21 22:06:01 | 000,000,000 | ---D | M] -- c:\Users\Victor\AppData\Local\TOSHIBA_Corporation\ToshibaServiceStation.exe_Url_lidkhntuzcqftx1osnwucx1afj3bgluo\2.1.3565.26576 [2012/07/27 13:09:04 | 000,000,000 | ---D | M] -- c:\Users\Victor\AppData\LocalLow\Microsoft\Internet Explorer\Services [2012/08/20 09:59:10 | 000,000,000 | ---D | M] -- c:\Users\Victor\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7NFSHAC2\media.mtvnservices.com [2012/08/01 09:38:24 | 000,000,000 | ---D | M] -- c:\Users\Victor\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7NFSHAC2\media.mtvnservices.com\player [2012/08/01 09:38:24 | 000,000,000 | ---D | M] -- c:\Users\Victor\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com [2012/08/12 09:02:43 | 000,000,000 | ---D | M] -- c:\Users\Work\AppData\Local\TOSHIBA_Corporation\ToshibaServiceStation.exe_Url_lidkhntuzcqftx1osnwucx1afj3bgluo [2012/08/22 07:35:05 | 000,000,000 | ---D | M] -- c:\Users\Work\AppData\Local\TOSHIBA_Corporation\ToshibaServiceStation.exe_Url_lidkhntuzcqftx1osnwucx1afj3bgluo\2.1.3565.26576 [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_32\System.EnterpriseServices [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_64\System.EnterpriseServices [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089 [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Client [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089 [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Design [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089 [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089 [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Web.Services [2009/07/13 23:20:09 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.WorkflowServices [2009/07/14 01:32:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35 [2012/07/29 10:58:08 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services [2012/07/29 10:58:08 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\30664d5f93b99eb6e51900ec8137909d [2012/07/29 10:55:07 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services [2012/07/29 10:55:07 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b [2012/07/29 11:42:20 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services [2012/07/29 11:42:20 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\027818d739a4d16c6c6a6d3a3f97d5ed [2012/07/29 11:35:35 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services [2012/07/29 11:35:35 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\35b994e63fbc2836f32326e9f5862a1b [2012/07/29 11:01:13 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services [2012/07/29 11:01:13 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b37cc0aa41e7feaba9f290da4da91d71 [2012/07/29 11:49:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services [2012/07/29 11:49:41 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bc6df78c506c89659ab7be738179b2ba [2012/07/29 01:01:02 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices [2012/07/29 01:01:02 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/07/29 01:01:12 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices [2012/07/29 01:01:12 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/07/29 01:01:14 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client [2012/07/29 01:01:14 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089 [2012/07/29 01:01:13 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices [2012/07/29 01:01:13 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/07/29 01:01:13 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement [2012/07/29 01:01:13 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089 [2012/07/29 01:01:13 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols [2012/07/29 01:01:13 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/07/29 01:01:15 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices [2012/07/29 01:01:15 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35 [2012/07/29 01:01:17 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services [2012/07/29 01:01:17 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/07/27 15:03:00 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7601.17514_none_e4e845f8dcca9f23 [2012/07/27 15:03:00 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_10145eccb79418a5 [2012/07/27 15:03:00 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_1b8f8373383de46a [2012/07/27 15:03:06 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7601.17514_none_69b23aa9e1fce5a2 [2012/07/27 15:03:06 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.1.7601.17514_none_7ad330432fb24d63 [2012/07/27 15:03:06 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.17514_none_2f1505d970be5493 [2012/07/27 15:03:06 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_ac02530437b71a3f [2012/07/27 15:03:06 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.17514_none_af761db50d19d44f [2012/07/27 15:03:06 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_3b05f4d3e2a0703c [2012/07/27 15:03:06 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7601.17514_none_631c9722c4191077 [2012/07/27 15:03:07 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_5f60151d5fa6ce24 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_90ba4080c9f2e648 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.1.7601.17514_none_6ca25da84551ca13 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7601.17514_none_c60c71ccff3a107f [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7601.17514_none_2c400be857e72e9c [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7601.17514_none_57f64808c4ad1ed1 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7601.17514_none_4d80338bda6aae67 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.1.7601.17514_none_16b6c895a094210d [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.1.7601.17514_none_f88c2ed4e4f8c858 [2012/07/27 15:03:10 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7601.17514_none_6255c435563eb9c7 [2012/07/27 15:03:21 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.data.services.client_b77a5c561934e089_6.1.7601.17514_none_f18a3b06e9085403 [2012/07/27 15:03:21 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.data.services.design_b77a5c561934e089_6.1.7601.17514_none_1d40772755ce4438 [2012/07/27 15:03:21 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.data.services_b77a5c561934e089_6.1.7601.17514_none_ffdee3edd2f6841c [2012/07/27 15:03:21 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7601.17514_none_2afaa0f3ee15f952 [2012/07/27 15:03:21 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.web.services_b03f5f7f11d50a3a_6.1.7601.17514_none_c721f9706ebc717d [2012/07/27 15:03:21 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\msil_system.workflowservices_31bf3856ad364e35_6.1.7601.17514_none_e5f6ab8026e23e63 [2012/07/27 15:03:24 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.17514_none_3969b02ba51f168e [2012/07/27 15:03:24 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_b656fd566c17dc3a [2012/07/27 15:03:25 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7601.17514_none_88c9aa75246d2ded [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7601.17514_none_0d939f26299f746c [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_dee759502a42ff06 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7601.17514_none_138553d0ef80e052 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7601.17514_none_c938554924975526 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7601.17514_none_06fdfb9f0bbb9f41 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-webservices_31bf3856ad364e35_6.1.7601.17514_none_1083c2248cf458dd [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7601.17514_none_69edd64946dc9f49 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7601.17514_none_d02170649f89bd66 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7601.17514_none_fbd7ac850c4fad9b [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7601.17514_none_f1619808220d3d31 [2012/07/27 15:03:28 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7601.17514_none_aa02fb0c6abae2cd [2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL [2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL [2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL [2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\migwiz\replacementmanifests\microsoft-activedirectory-webservices [2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-AppServer-Licensing [2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer [2009/07/13 23:20:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_caaa1808998835c4 [2009/07/13 23:20:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.1.7600.16385_none_2ad2380d0ae7577e [2009/07/13 23:20:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7600.16385_none_e2b73230dfdc1b89 [2009/07/13 23:20:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-d..t-services-unattend_31bf3856ad364e35_6.1.7600.16385_none_25104b6dbe690465 [2009/07/13 23:20:32 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7600.16385_none_0de34b04baa5950b [2012/07/27 14:04:17 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_10145eccb79418a5 [2009/07/14 01:30:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16385_none_195e6fab3b4f60d0 [2010/10/14 23:32:57 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16590_none_194ea2193b5bf85c [2012/07/27 12:42:52 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16648_none_198cb5eb3b2c3486 [2010/10/14 23:32:57 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.20710_none_1a2ec02a5438b5c5 [2012/07/27 12:42:52 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.20771_none_19eee0ec546876c2 [2012/07/27 14:04:54 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_1b8f8373383de46a [2009/07/14 01:30:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_0167f08155bf1c81 [2009/07/14 01:30:19 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-live-services_31bf3856ad364e35_6.1.7600.16385_none_31a075c6a5802364 [2009/07/13 23:20:38 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a [2009/07/13 23:20:38 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c [2009/07/13 23:20:38 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7600.16385_none_678126e1e50e6208 [2009/07/13 23:20:38 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_6.1.7600.16385_none_8d6c9c807200865a [2009/07/14 01:30:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.1.7600.16385_none_78a21c7b32c3c9c9 [2009/07/13 23:20:38 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.1.7600.16385_none_29cdb92232f3fab5 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7600.16385_none_2ce3f21173cfd0f9 [2012/07/27 14:02:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.17514_none_2f1505d970be5493 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16385_none_a9d13f3c3ac896a5 [2012/07/27 12:24:50 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16722_none_aa0f257e3a9a9796 [2012/07/27 12:24:50 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.20861_none_aa6c824f53d98dcd [2012/07/27 14:02:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_ac02530437b71a3f [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7600.16385_none_ad4509ed102b50b5 [2012/07/27 14:03:12 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.17514_none_af761db50d19d44f [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7600.16385_none_38d4e10be5b1eca2 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.1.7600.16385_none_8d8e87f861f2a220 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7600.16385_none_6d72db8caaefcdee [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7600.16385_none_2325dd04e00642c2 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7600.16385_none_60eb835ac72a8cdd [2009/07/14 01:37:20 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d56e46461ee1b1a [2009/07/14 01:30:28 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7600.16385_none_5d2f015562b84a8a [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_31db018394805d6b [2009/07/14 01:37:17 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_354c8605d3d714f3 [2009/07/14 01:30:15 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_8e892cb8cd0462ae [2012/07/27 14:05:48 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_90ba4080c9f2e648 [2009/07/14 01:37:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6aac11498ff0f4ac [2009/07/13 23:20:40 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-webservices_31bf3856ad364e35_6.1.7600.16385_none_6a7149e048634679 [2009/07/14 01:30:23 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7600.16385_none_c3db5e05024b8ce5 [2009/07/14 01:30:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7600.16385_none_2a0ef8205af8ab02 [2009/07/14 01:30:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7600.16385_none_55c53440c7be9b37 [2009/07/14 01:30:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7600.16385_none_4b4f1fc3dd7c2acd [2009/07/13 23:20:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_a8a4035909e14dff [2009/07/13 23:20:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx-system.directoryservices.protocols_b03f5f7f11d50a3a_6.1.7600.16385_none_f65534c04a41b956 [2009/07/13 23:20:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx-system.directoryservices_b03f5f7f11d50a3a_6.1.7600.16385_none_16e1bb11a03cda57 [2009/07/13 23:20:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx-system.web.services_b03f5f7f11d50a3a_6.1.7600.16385_none_f8b72150e4a181a2 [2009/07/13 23:20:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7600.16385_none_6280b6b155e77311 [2009/07/14 01:30:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.client_b77a5c561934e089_6.1.7600.16385_none_ef59273eec19d069 [2009/07/14 01:30:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.design_b77a5c561934e089_6.1.7600.16385_none_1b0f635f58dfc09e [2009/07/14 01:30:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services_b77a5c561934e089_6.1.7600.16385_none_fdadd025d6080082 [2009/07/13 23:21:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.1.7600.16385_none_83a19ecc10aa89e7 [2009/07/13 23:21:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7600.16385_none_2b25936fedbeb29c [2009/07/13 23:21:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.1.7600.16385_none_c74cebec6e652ac7 [2009/07/14 01:30:23 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.workflowservices_31bf3856ad364e35_6.1.7600.16385_none_e3c597b829f3bac9 [2009/07/13 23:21:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7600.16385_none_1837f556ef065706 [2009/07/14 01:30:28 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.1.7600.16385_none_82f6c6cd67248bc4 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7600.16385_none_37389c63a83092f4 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16385_none_b425e98e6f2958a0 [2012/07/27 12:24:50 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16722_none_b463cfd06efb5991 [2012/07/27 12:24:50 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.20861_none_b4c12ca1883a4fc8 [2012/07/27 14:02:24 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_b656fd566c17dc3a [2009/07/14 01:37:20 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_77ab8eb6964edd15 [2009/07/14 01:30:32 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_98ddd70b016524a9 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_6e8b7c84e12ac48e [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.1.7600.16385_none_ceb39c895289e648 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7600.16385_none_869896ad277eaa53 [2009/07/14 01:30:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-live-services_31bf3856ad364e35_6.1.7600.16385_none_d581da42ed22b22e [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7600.16385_none_0b628b5e2cb0f0d2 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.1.7600.16385_none_cdaf1d9e7a96897f [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7600.16385_none_dcb645882d547b6c [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.1.7600.16385_none_316fec74a99530ea [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7600.16385_none_11544008f2925cb8 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7600.16385_none_c707418127a8d18c [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7600.16385_none_04cce7d70ecd1ba7 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_d5bc65ffdc22ec35 [2009/07/14 01:37:13 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d92dea821b79a3bd [2009/07/14 01:37:05 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e8d75c5d7938376 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices_31bf3856ad364e35_6.1.7600.16385_none_0e52ae5c9005d543 [2009/07/14 01:30:36 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7600.16385_none_67bcc28149ee1baf [2009/07/14 01:30:36 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7600.16385_none_cdf05c9ca29b39cc [2009/07/14 01:30:36 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7600.16385_none_f9a698bd0f612a01 [2009/07/14 01:30:36 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7600.16385_none_ef308440251eb997 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_f0513a301e5d7705 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7600.16385_none_aa2ded886a639c17 < c:|mydomain;true;true;true; /FP > < c:|afd;true;true;true; /FP > [2010/10/15 00:15:55 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\InstallShield Installation Information\{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} [2012/07/27 13:02:58 | 000,000,000 | ---D | M] -- c:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ccSvcHst.exe_9572b02b2c943c7b7b6dc1e72dafd7fe483ec_cab_0aadc467 [2012/07/27 13:02:58 | 000,000,000 | ---D | M] -- c:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_ccSvcHst.exe_9572b02b2c943c7b7b6dc1e72dafd7fe483ec_cab_0aadc467 [2012/08/18 15:47:50 | 000,000,000 | -HSD | M] -- c:\Users\Victor\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4AFDF18N [2012/07/29 10:57:10 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0329bf8cfafd687cee2b2d682d182ce9 [2012/07/29 10:57:27 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4bc345ee664ca736a30a7fafd8c5a16c [2012/07/29 11:37:44 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\611f809f625bafde88d989c624f5fd0f [2012/07/29 11:36:56 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\f37d2ca916cafdabe1c4f6f9c6b2c518 [2012/07/27 17:30:04 | 000,000,000 | ---D | M] -- c:\Windows\Downloaded Installations\{2FCF3AC6-AE7F-4D89-AFDE-DE1E2590677C} [2010/10/15 00:15:47 | 000,000,000 | ---D | M] -- c:\Windows\Installer\{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} [2012/07/27 15:02:59 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.1.7601.17514_none_64da1339edafdc37 [2012/07/27 15:03:00 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900 [2012/07/27 15:03:03 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda [2012/07/27 15:03:03 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7601.17514_none_4458ac8eafdacbdd [2012/07/27 15:03:05 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_6.1.7601.17514_none_4afdc98b09e3cfe8 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-w..ystemassessmenttool_31bf3856ad364e35_6.1.7601.17514_none_d9bafd47cdf9833b [2012/07/27 15:03:26 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-netutils_31bf3856ad364e35_6.1.7601.17514_none_3220778aa85afd05 [2012/07/27 15:03:26 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.1.7601.17514_none_4259cafda42274a4 [2012/07/27 15:03:26 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-p..g-printticket-win32_31bf3856ad364e35_6.1.7601.17514_none_1562129afd710f2c [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7601.17514_none_6eaa2afd36b1e303 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_netfx35linq-system.web.dynamicdata_31bf3856ad364e35_6.1.7601.17514_none_0ddf9afd5455510c [2009/07/14 01:31:53 | 000,000,000 | ---D | M] -- [2009/07/14 01:32:06 | 000,000,000 | ---D | M] -- [2009/07/14 01:31:33 | 000,000,000 | ---D | M] -- [2009/07/14 01:37:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_1394.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_beafdf583b909e3f [2009/07/14 01:29:50 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_mdmcrtix.inf_31bf3856ad364e35_6.1.7600.16385_none_8a345ba26a11afd0 [2009/07/14 01:37:17 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-alttab.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3e7f003afda10faa [2009/07/13 23:20:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_es-es_be8a1256afbafd72 [2009/07/13 23:20:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_6.1.7600.16385_none_c15ac71fc7aafddc [2009/07/14 01:37:01 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cttunesvr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1faafdf66e11dfec [2009/07/14 01:37:20 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ehome-ehmsas.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b85d0baafd3364de [2009/07/14 01:37:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-eventviewer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_809afd26837a22dc [2012/07/27 14:04:54 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900 [2009/07/14 01:37:21 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942 [2010/10/14 23:30:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_06198dbf73fafd2d [2009/07/14 01:37:17 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-help-netvsta.resources_31bf3856ad364e35_6.1.7600.16385_en-us_01783f8afd02ed89 [2009/07/13 23:20:33 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-homegroup-controlpanel_31bf3856ad364e35_6.1.7600.16385_none_1229b0afdb02e1a1 [2009/07/13 23:20:34 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00010408_31bf3856ad364e35_6.1.7600.16385_none_e9700c3d6e7afd1b [2012/07/27 12:34:47 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21995_none_7afd638b48d224c2 [2012/07/27 14:02:24 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda [2012/07/27 12:34:47 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17824_none_8c189508afd31140 [2009/07/14 01:37:24 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil.resources_31bf3856ad364e35_8.0.7600.16385_en-us_48bafdace8a39fec [2009/07/14 01:30:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-native-80211_31bf3856ad364e35_6.1.7600.16385_none_aafd9ab7a8a38ce7 [2012/07/27 14:03:58 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_6.1.7601.17514_none_4afdc98b09e3cfe8 [2009/07/13 23:20:37 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7600.16385_none_f7feafd2baa4f6b7 [2009/07/14 01:37:17 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..pulations.resources_31bf3856ad364e35_6.1.7600.16385_en-us_864a84afd1bdd008 [2009/07/14 01:30:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-telnet-server-tlntsvr_31bf3856ad364e35_6.1.7600.16385_none_1ab997fb0a83afdd [2012/07/27 14:04:17 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-w..ystemassessmenttool_31bf3856ad364e35_6.1.7601.17514_none_d9bafd47cdf9833b [2009/07/14 01:36:58 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276 [2009/07/13 23:20:40 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-winsock-legacy-afd_31bf3856ad364e35_6.1.7600.16385_none_477be503cda35f27 [2009/07/13 23:20:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-wwan-coinstaller_31bf3856ad364e35_6.1.7600.16385_none_f03daa5afd0277e3 [2009/07/13 23:20:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.1.7600.16385_none_729a32afdbde935f [2009/07/14 01:29:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_ph3xibc6.inf_31bf3856ad364e35_6.1.7600.16385_none_9f0614a5fafd2f53 [2009/07/14 01:29:55 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_prnep00g.inf_31bf3856ad364e35_6.1.7600.16385_none_afdac3e7463477e2 [2009/07/14 01:29:55 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_prnep00g.inf_31bf3856ad364e35_6.1.7600.16385_none_afdac3e7463477e2\Amd64 [2009/07/14 01:30:24 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_wpf-presentationnative_31bf3856ad364e35_6.1.7600.16385_none_b2bafd8160314f8f [2012/07/27 12:33:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.1.7600.20658_none_773afd616e52e333 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7600.16385_none_dd4b472f7afdc1a7 [2009/07/14 01:37:17 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7561afd6ec26345d [2009/07/14 01:37:08 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e1aaadd0fafd6f34 [2012/07/27 14:03:33 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_361eafdb1f34fd8e [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-detectionandsharingapi_31bf3856ad364e35_6.1.7600.16385_none_39796cfe3f7f6afd [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-eventviewer_31bf3856ad364e35_6.1.7600.16385_none_6dc176bafd6e281f [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-font-fms.resources_31bf3856ad364e35_6.1.7600.16385_it-it_b18013afd5eb4684 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6 [2009/07/14 01:37:13 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-h..centercpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a6dce91c4afdb4aa [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-21025_31bf3856ad364e35_6.1.7600.16385_none_5228328547760afd [2012/07/27 12:23:44 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.21855_et-ee_7f67459afd729012 [2009/07/14 01:30:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpshell_31bf3856ad364e35_6.1.7600.16385_none_0b9dafdba6a26625 [2012/07/27 14:03:13 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.1.7601.17514_none_4259cafda42274a4 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-printing-oleprn_31bf3856ad364e35_6.1.7600.16385_none_7afd327dc09634d7 [2009/07/14 01:37:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5afd61c793b8bc13 [2009/07/14 01:37:05 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-s..-vbscript.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0fb240afd169f47b [2009/07/14 01:30:32 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.1.7600.16385_none_1823f0a0cfafd61b [2012/07/27 14:06:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.1.7601.17514_none_6eaa2afd36b1e303 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-winsock-legacy-afd_31bf3856ad364e35_6.1.7600.16385_none_eb5d49801545edf1 < c:|tcpip;true;true;true; /FP > [2012/07/27 15:03:04 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.1.7601.17514_none_e4433b761c0c84cd [2012/07/27 15:03:07 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_bfab9b4ba5f934f9 [2012/07/27 15:03:07 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37 [2012/07/27 15:03:07 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_90ecf919657dacf4 [2012/07/27 15:03:07 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8 [2012/07/27 15:03:24 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ca00459dda59f6f4 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_34ce5d95ad203bbe [2009/07/13 23:20:34 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.1.7600.16385_none_e21227ae1f1e0133 [2009/07/14 01:37:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-t..tcpip-pro.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1254aa008171f7aa [2009/07/14 01:37:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_28376affe6d50544 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7600.16385_none_bd7a8783a90ab15f [2012/07/27 14:03:33 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_bfab9b4ba5f934f9 [2009/07/14 01:37:22 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_32fce046277d287b [2009/07/14 01:30:12 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.1.7600.16385_none_8efe707fa1acdc48 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d [2012/08/20 11:05:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65 [2010/10/14 23:27:01 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8 [2012/07/27 12:23:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde [2012/08/20 11:05:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463 [2010/10/14 23:27:01 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079 [2012/07/27 12:23:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7 [2012/07/27 14:03:58 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37 [2012/07/27 12:23:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d [2012/07/27 12:23:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.1.7600.16385_none_93d2d57d9ea09496 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-netip6-pro_31bf3856ad364e35_6.1.7600.16385_none_bc82dc0973ef3b46 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-nettcpip-pro_31bf3856ad364e35_6.1.7600.16385_none_0451aba3e9d81445 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7600.16385_none_8ebbe551688f295a [2012/07/27 14:04:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_90ecf919657dacf4 [2009/07/13 23:20:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e [2009/07/14 01:37:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bf22f74eb8bda0f6 [2009/07/13 23:20:40 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_27a7f7694b388c01 [2009/07/14 01:37:21 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_server-help-chm.tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_818c87c5cd3b25b1 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7600.16385_none_c7cf31d5dd6b735a [2012/07/27 14:02:48 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ca00459dda59f6f4 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.1.7600.16385_none_9e277fcfd3015691 [2009/07/14 01:36:58 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cc18cf7c2e77940e [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7600.16385_none_329d49cdb031b824 [2012/07/27 14:03:57 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_34ce5d95ad203bbe [2009/07/14 01:36:57 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_en-us_63045bcb00602fc0 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb < c:|mpssvc;true;true;true; /FP > [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_689f8c48cfca2cbb [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9f1620ebad6921e4 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_networking-mpssvc-admin_31bf3856ad364e35_6.1.7601.17514_none_03783362986e804b [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e58eb9a1a517b5e1 [2012/07/27 15:03:09 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_0c80f0c5176cbb85 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7601.17514_en-us_42f78567f50bb0ae [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_networking-mpssvc-admin_31bf3856ad364e35_6.1.7601.17514_none_a75997dee0110f15 [2012/07/27 15:03:27 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_89701e1decba44ab [2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc [2009/07/14 01:37:08 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_24b3cfe4ff928bea [2009/07/13 23:20:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7600.16385_none_666e7880d2dba921 [2012/07/27 14:02:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_689f8c48cfca2cbb [2009/07/14 01:37:03 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9ce50d23b07a9e4a [2012/07/27 14:04:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9f1620ebad6921e4 [2009/07/13 23:20:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-admin_31bf3856ad364e35_6.1.7600.16385_none_01471f9a9b7ffcb1 [2012/07/27 14:02:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-admin_31bf3856ad364e35_6.1.7601.17514_none_03783362986e804b [2009/07/14 01:36:58 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4285fd252bd260cf [2009/07/13 23:20:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-netsh_31bf3856ad364e35_6.1.7600.16385_none_0ae586d2e060c6b8 [2009/07/14 01:37:03 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e35da5d9a8293247 [2012/07/27 14:04:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e58eb9a1a517b5e1 [2009/07/13 23:20:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440 [2012/07/27 14:02:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\wow64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_005dd77215ee863b [2009/07/14 01:36:59 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c895346147351ab4 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc_31bf3856ad364e35_6.1.7600.16385_none_0a4fdcfd1a7e37eb [2012/07/27 14:04:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_0c80f0c5176cbb85 [2009/07/14 01:37:08 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_40c6719ff81d2d14 [2012/07/27 14:02:23 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7601.17514_en-us_42f78567f50bb0ae [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.1.7600.16385_none_a5288416e3228b7b [2012/07/27 14:03:12 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.1.7601.17514_none_a75997dee0110f15 [2009/07/14 01:37:01 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-netsh.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e66761a17374ef99 [2009/07/13 23:21:09 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-netsh_31bf3856ad364e35_6.1.7600.16385_none_aec6eb4f28035582 [2009/07/14 01:37:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_873f0a55efcbc111 [2012/07/27 14:05:04 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_89701e1decba44ab < c:|sdrsvc;true;true;true; /FP > < c:|cryptsvc;true;true;true; /FP > [2012/07/27 15:02:59 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a [2012/07/27 15:03:24 | 000,000,000 | ---D | M] -- c:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4 [2009/07/14 01:36:57 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00bbc5aa103d49e7 [2009/07/13 23:20:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490 [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339 [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3 [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795 [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2 [2009/07/14 01:37:00 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a49d2a2657dfd8b1 [2009/07/13 23:21:06 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203 [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f [2012/07/27 12:25:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c < %USERPROFILE%\..|smtmp;true;true;true /FP > < %systemroot%\*. /mp /s > < End of report >
  3. [2012/07/27 17:35:37 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll [2012/07/27 17:35:37 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll [2012/07/27 17:35:36 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll [2012/07/27 17:35:36 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll [2012/07/27 17:35:36 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll [2012/07/27 17:35:36 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll [2012/07/27 17:35:36 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll [2012/07/27 17:35:36 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll [2012/07/27 17:35:35 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll [2012/07/27 17:35:35 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll [2012/07/27 17:35:35 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll [2012/07/27 17:35:35 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll [2012/07/27 17:35:35 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll [2012/07/27 17:35:35 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll [2012/07/27 17:35:35 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll [2012/07/27 17:35:35 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll [2012/07/27 17:35:35 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll [2012/07/27 17:35:35 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll [2012/07/27 17:35:35 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll [2012/07/27 17:35:35 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll [2012/07/27 17:35:35 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll [2012/07/27 17:35:35 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll [2012/07/27 17:35:35 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll [2012/07/27 17:35:35 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll [2012/07/27 17:35:33 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll [2012/07/27 17:35:33 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll [2012/07/27 17:35:33 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll [2012/07/27 17:35:33 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll [2012/07/27 17:35:33 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll [2012/07/27 17:35:33 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll [2012/07/27 17:35:33 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll [2012/07/27 17:35:33 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll [2012/07/27 17:35:32 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll [2012/07/27 17:35:32 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll [2012/07/27 17:35:32 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll [2012/07/27 17:35:32 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll [2012/07/27 17:35:32 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll [2012/07/27 17:35:32 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll [2012/07/27 17:35:32 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll [2012/07/27 17:35:32 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll [2012/07/27 17:35:31 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll [2012/07/27 17:35:31 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll [2012/07/27 17:31:04 | 000,035,008 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\PGEffect.sys [2012/07/27 17:27:30 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\TSCI.dll [2012/07/27 17:27:30 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\THCI.dll [2012/07/27 17:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver [2012/07/27 17:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012/07/27 17:24:50 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e [2012/07/27 17:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2012/07/27 17:24:18 | 008,038,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTSUSTORicon.dll [2012/07/27 17:24:10 | 008,038,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysWow64\RtsUStoricon.dll [2012/07/27 17:24:10 | 000,422,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtsUStor.dll [2012/07/27 17:24:10 | 000,239,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\drivers\RtsUStor.sys [2012/07/27 17:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012/07/27 17:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT [2012/07/27 17:19:54 | 000,540,696 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys [2012/07/27 17:17:00 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution [2012/07/27 17:16:43 | 000,000,000 | ---D | C] -- C:\Intel [2012/07/27 17:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2012/07/27 14:58:22 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys [2012/07/27 14:58:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys [2012/07/27 14:58:17 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll [2012/07/27 14:58:17 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll [2012/07/27 14:58:17 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys [2012/07/27 14:58:17 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys [2012/07/27 14:58:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsutil.exe [2012/07/27 14:58:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fsutil.exe [2012/07/27 14:58:17 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys [2012/07/27 14:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero [2012/07/27 14:41:50 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64 [2012/07/27 14:41:50 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64\0200050.03C [2012/07/27 14:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup [2012/07/27 14:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup [2012/07/27 14:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012/07/27 14:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012/07/27 14:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/07/27 14:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup [2012/07/27 14:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toshiba Online Backup [2012/07/27 14:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/07/27 14:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Corporation [2012/07/27 14:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com [2012/07/27 13:19:44 | 000,000,000 | ---D | C] -- C:\bb09752b29c2c2eb4dcd8ecb [2012/07/27 13:11:53 | 000,000,000 | ---D | C] -- C:\a80f1e2482abe34001 [2012/07/27 13:09:42 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\WindowsUpdate [2012/07/27 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Google [2012/07/27 13:01:55 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2012/07/27 13:01:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2012/07/27 12:32:22 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll [2012/07/27 12:32:22 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll [2012/07/27 12:32:22 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe [2012/07/27 12:32:22 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe [2012/07/27 12:32:22 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll [2012/07/27 12:32:22 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll [2012/07/27 12:32:22 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll [2012/07/27 12:32:22 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll [2012/07/27 12:31:07 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2012/07/27 12:31:07 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll [2012/07/27 12:31:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll [2012/07/27 12:31:07 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll [2012/07/27 12:31:07 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2012/07/27 12:31:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe [2012/07/27 12:31:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2012/07/27 12:31:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll [2012/07/27 12:31:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe [2012/07/27 12:31:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat [2012/07/27 12:31:06 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2012/07/27 12:31:06 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec [2012/07/27 12:31:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll [2012/07/27 12:31:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll [2012/07/27 12:31:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe [2012/07/27 12:31:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe [2012/07/27 12:31:06 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll [2012/07/27 12:31:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll [2012/07/27 12:31:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll [2012/07/27 12:31:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2012/07/27 12:31:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe [2012/07/27 12:31:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll [2012/07/27 12:31:06 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx [2012/07/27 12:31:06 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll [2012/07/27 12:31:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2012/07/27 12:31:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll [2012/07/27 12:31:05 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll [2012/07/27 12:31:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2012/07/27 12:31:05 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2012/07/27 12:31:04 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat [2012/07/27 12:31:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2012/07/27 12:31:04 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2012/07/27 12:31:04 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec [2012/07/27 12:31:04 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2012/07/27 12:31:04 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll [2012/07/27 12:31:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll [2012/07/27 12:31:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll [2012/07/27 12:31:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll [2012/07/27 12:31:04 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll [2012/07/27 12:31:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll [2012/07/27 12:31:04 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll [2012/07/27 12:31:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2012/07/27 12:31:04 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll [2012/07/27 12:31:04 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe [2012/07/27 12:31:04 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2012/07/27 12:31:04 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2012/07/27 12:31:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll [2012/07/27 12:31:04 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx [2012/07/27 12:31:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll [2012/07/27 12:31:04 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll [2012/07/27 12:31:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll [2012/07/27 12:31:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2012/07/27 12:31:04 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll [2012/07/27 12:31:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe [2012/07/27 12:31:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe [2012/07/27 12:31:03 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/07/27 12:31:03 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/07/27 12:31:03 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe [2012/07/27 12:31:03 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe [2012/07/27 12:24:38 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll [2012/07/27 12:24:38 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll [2012/07/27 12:24:38 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys [2012/07/27 12:22:23 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll [2012/07/27 12:22:19 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskschd.dll [2012/07/27 12:22:19 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmicmiplugin.dll [2012/07/27 12:22:19 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskschd.dll [2012/07/27 12:22:19 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskcomp.dll [2012/07/27 12:22:19 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskeng.exe [2012/07/27 12:22:19 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskcomp.dll [2012/07/27 12:22:19 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\schtasks.exe [2012/07/27 12:22:18 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\schtasks.exe [2012/07/27 12:22:02 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll [2012/07/27 12:22:01 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll [2012/07/27 12:22:01 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll [2012/07/27 12:22:01 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll [2012/07/27 12:22:01 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll [2012/07/27 12:22:00 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll [2012/07/27 12:22:00 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll [2012/07/27 12:22:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll [2012/07/27 12:22:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll [2012/07/27 12:22:00 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe [2012/07/27 12:22:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe [2012/07/27 12:22:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll [2012/07/27 12:22:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll [2012/07/27 12:21:57 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll [2012/07/27 12:21:57 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll [2012/07/27 12:21:56 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2012/07/27 12:21:56 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll [2012/07/27 12:21:56 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll [2012/07/27 12:21:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll [2012/07/27 12:21:52 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe [2012/07/27 12:21:52 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe [2012/07/27 12:21:51 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sbe.dll [2012/07/27 12:21:51 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll [2012/07/27 12:21:51 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sbe.dll [2012/07/27 12:21:51 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll [2012/07/27 12:21:51 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax [2012/07/27 12:21:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax [2012/07/27 12:21:49 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll [2012/07/27 12:21:49 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll [2012/07/27 12:21:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll [2012/07/27 12:21:49 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll [2012/07/27 12:21:48 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll [2012/07/27 12:21:48 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll [2012/07/27 12:21:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll [2012/07/27 12:21:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll [2012/07/27 12:21:48 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll [2012/07/27 12:21:48 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll [2012/07/27 12:21:48 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll [2012/07/27 12:21:48 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll [2012/07/27 12:21:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccr32.dll [2012/07/27 12:21:47 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\t2embed.dll [2012/07/27 12:21:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\t2embed.dll [2012/07/27 12:21:46 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2012/07/27 12:21:46 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe [2012/07/27 12:21:45 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\StructuredQuery.dll [2012/07/27 12:21:44 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll [2012/07/27 12:21:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll [2012/07/27 12:21:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll [2012/07/27 12:20:02 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\upnp.dll [2012/07/27 12:20:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\upnp.dll [2012/07/27 12:19:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll [2012/07/27 12:19:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wscapi.dll [2012/07/27 12:19:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll [2012/07/27 12:19:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\slwga.dll [2012/07/27 12:19:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\slwga.dll [2012/07/27 12:19:55 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2012/07/27 12:19:54 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2012/07/27 12:19:54 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2012/07/27 12:19:47 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll [2012/07/27 12:19:47 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll [2012/07/27 12:19:47 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2012/07/27 12:19:47 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll [2012/07/27 12:19:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2012/07/27 12:19:47 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll [2012/07/27 12:19:35 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2012/07/27 12:19:35 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll [2012/07/27 12:19:35 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll [2012/07/27 12:19:35 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2012/07/27 12:19:35 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll [2012/07/27 12:19:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll [2012/07/27 12:19:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll [2012/07/27 12:19:33 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdri.dll [2012/07/27 12:19:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll [2012/07/27 12:19:25 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl [2012/07/27 12:19:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl [2012/07/27 12:19:24 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42.dll [2012/07/27 12:19:24 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42u.dll [2012/07/27 12:19:24 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42.dll [2012/07/27 12:19:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42u.dll [2012/07/27 12:19:23 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll [2012/07/27 12:19:23 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnscacheugc.exe [2012/07/27 12:19:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dnscacheugc.exe [2012/07/27 12:19:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll [2012/07/27 12:19:21 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2012/07/27 12:19:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2012/07/27 12:19:21 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2012/07/27 12:19:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2012/07/27 12:19:20 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll [2012/07/27 12:19:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll [2012/07/27 12:19:19 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll [2012/07/27 12:19:19 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmpmde.dll [2012/07/27 12:19:19 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys [2012/07/27 12:19:15 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi [2012/07/27 12:19:15 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe [2012/07/27 12:19:15 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe [2012/07/27 12:19:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll [2012/07/27 12:19:15 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll [2012/07/27 12:19:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe [2012/07/27 12:19:14 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi [2012/07/27 12:19:14 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdusb.dll [2012/07/27 12:19:14 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd1394.dll [2012/07/27 12:19:14 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdcom.dll [2012/07/27 12:19:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2012/07/27 12:19:13 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2012/07/27 12:19:12 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2012/07/27 12:19:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2012/07/27 12:19:12 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2012/07/27 12:19:12 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2012/07/27 12:19:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2012/07/27 12:19:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2012/07/27 12:19:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2012/07/27 12:19:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2012/07/27 12:19:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2012/07/27 12:19:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/07/27 12:19:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/07/27 12:19:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/07/27 12:19:12 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/07/27 12:19:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2012/07/27 12:19:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/07/27 12:19:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/07/27 12:19:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/07/27 12:19:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2012/07/27 12:19:08 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc40.dll [2012/07/27 12:19:08 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc40u.dll [2012/07/27 12:19:05 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll [2012/07/27 12:19:01 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL [2012/07/27 12:19:01 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll [2012/07/27 12:19:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL [2012/07/27 12:18:59 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll [2012/07/27 12:18:58 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll [2012/07/27 12:18:58 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll [2012/07/27 12:18:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax [2012/07/27 12:18:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax [2012/07/27 12:18:58 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax [2012/07/27 12:18:58 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Mpeg2Data.ax [2012/07/27 12:18:58 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax [2012/07/27 12:18:58 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSDvbNP.ax [2012/07/27 12:18:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Mpeg2Data.ax [2012/07/27 12:18:58 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSDvbNP.ax [2012/07/27 12:18:50 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2012/07/27 12:18:50 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll [2012/07/27 12:18:43 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2012/07/27 12:18:43 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2012/07/27 12:18:43 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2012/07/27 12:18:43 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2012/07/27 12:18:42 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe [2012/07/27 12:18:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\devrtl.dll [2012/07/27 12:18:35 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbc32.dll [2012/07/27 12:18:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbc32.dll [2012/07/27 12:18:31 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll [2012/07/27 12:18:30 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll [2012/07/27 12:18:30 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll [2012/07/27 12:18:30 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FXSCOVER.exe [2012/07/27 12:18:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prevhost.exe [2012/07/27 12:18:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prevhost.exe [2012/07/27 12:18:29 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2012/07/27 12:18:15 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll [2012/07/27 12:18:14 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll [2012/07/27 12:18:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll [2012/07/27 12:18:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sscore.dll
  4. O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: 51789203.sys - Driver SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PEVSystemStart - Service SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: procexp90.Sys - Driver SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: 51789203.sys - Driver SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: 51789203.sys - Driver SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PEVSystemStart - Service SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: procexp90.Sys - Driver SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WRkrn - Driver SafeBootNet:64bit: WRSVC - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: 51789203.sys - Driver SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WRkrn - Driver SafeBootNet: WRSVC - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{4260FD8B-EB85-4A91-93B1-7EFD1CB5204D} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.) CLEARALLRESTOREPOINTS Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/08/22 20:10:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe [2012/08/21 18:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012/08/20 11:12:18 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Victor\Desktop\install_flash_player.exe [2012/08/20 11:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/08/20 11:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/08/20 11:05:38 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys [2012/08/20 10:00:11 | 012,621,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Victor\Desktop\mseinstall.exe [2012/08/20 08:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/08/18 12:41:10 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/08/18 12:41:10 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/18 12:38:34 | 000,999,840 | ---- | C] (Solid State Networks) -- C:\Users\Victor\Desktop\install_flashplayer11x32_mssd_aih.exe.part [2012/08/18 12:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012/08/18 12:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012/08/18 11:51:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/18 11:46:05 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/08/18 11:35:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/08/18 11:35:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/08/18 11:35:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/08/18 11:35:38 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/08/18 11:35:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/18 11:14:10 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Victor\Desktop\ComboFix.exe [2012/08/17 10:30:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/08/17 10:30:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/08/17 10:30:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/08/17 10:30:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/08/17 10:30:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/08/17 10:30:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/08/17 10:30:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/08/17 10:30:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/08/17 10:30:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/08/17 10:30:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/08/17 10:30:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/08/17 10:30:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/08/17 10:30:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/08/16 22:27:08 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll [2012/08/16 22:21:51 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2012/08/16 22:21:51 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2012/08/16 22:21:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe [2012/08/16 22:18:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Victor\Desktop\dds.scr [2012/08/16 22:16:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll [2012/08/16 22:16:22 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll [2012/08/16 22:16:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll [2012/08/16 22:16:09 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll [2012/08/16 22:14:29 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Victor\Desktop\FSS.exe [2012/08/12 11:06:54 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys [2012/08/12 11:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012/08/12 11:03:29 | 009,781,352 | ---- | C] (McAfee Inc.) -- C:\Users\Victor\Desktop\stinger.exe [2012/08/12 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\RK_Quarantine [2012/08/12 09:31:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/08/12 09:21:20 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Victor\Desktop\tdsskiller.exe [2012/08/12 09:20:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Victor\Desktop\aswMBR.exe [2012/08/12 09:15:52 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2012/08/12 09:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/08/12 09:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2012/08/12 09:09:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Victor\Desktop\erunt-setup.exe [2012/08/06 14:45:29 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\vlc [2012/08/06 13:16:49 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\PORTFOLIO [2012/08/06 13:13:52 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\ENG 260 class [2012/08/04 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Tific [2012/08/04 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Tific [2012/08/04 00:49:55 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Diagnostics [2012/07/30 11:23:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012/07/30 11:22:58 | 000,279,040 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMLM9H.DLL [2012/07/30 01:26:05 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll [2012/07/30 01:26:01 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll [2012/07/30 01:26:01 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll [2012/07/30 01:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2012/07/30 01:26:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll [2012/07/28 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\Any Video Converter [2012/07/28 19:53:46 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\AnvSoft [2012/07/28 19:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012/07/28 19:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft [2012/07/28 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Collaborate [2012/07/28 17:44:48 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Blackboard [2012/07/28 17:38:33 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Microsoft Games [2012/07/28 17:37:39 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk [2012/07/28 17:37:37 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Google [2012/07/28 17:04:57 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Macromedia [2012/07/28 17:01:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed [2012/07/28 16:55:18 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Adobe [2012/07/28 02:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012/07/28 02:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012/07/28 02:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder [2012/07/28 02:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods [2012/07/28 00:51:42 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\.ZMatrix [2012/07/28 00:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZMatrix [2012/07/28 00:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZMatrix [2012/07/28 00:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012/07/28 00:49:48 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\blekkotb_031 [2012/07/28 00:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor [2012/07/27 21:21:24 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\YANG; THE GIRL WHO SLEPT A THOUSAND YEARS [2012/07/27 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\UNARMD [2012/07/27 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\THE SUICIDE MEETINGS [2012/07/27 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\OUR NEW LIVES [2012/07/27 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\TEACHING MATERIAL [2012/07/27 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\SILENT WITNESS [2012/07/27 21:21:07 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\SIGHT UNSEEN stuff [2012/07/27 21:21:06 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\RAMPANT TUESDAY AND RT RELATED [2012/07/27 21:21:06 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\MY SF CHARACTERS [2012/07/27 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\MODUS OPERANDI stuff [2012/07/27 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\ENG 465 class [2012/07/27 21:20:44 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\COMIC SCRIPTS [2012/07/27 21:17:20 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\COMIC BOOKS [2012/07/27 21:17:20 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\ARTIST AD [2012/07/27 21:17:20 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\ANGEL FALLS [2012/07/27 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Victor\OPEN ENGLISH [2012/07/27 21:15:03 | 000,000,000 | ---D | C] -- C:\Users\Victor\NEW stuff [2012/07/27 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/07/27 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/07/27 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink [2012/07/27 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink [2012/07/27 20:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink [2012/07/27 20:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/07/27 20:25:25 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2012/07/27 20:25:25 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll [2012/07/27 20:25:25 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2012/07/27 20:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/07/27 20:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MagicSoftware [2012/07/27 20:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic DVD Ripper [2012/07/27 20:19:46 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\MagicSoftware [2012/07/27 20:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDVDRipper [2012/07/27 20:16:52 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\AVG Secure Search [2012/07/27 20:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free [2012/07/27 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnAware Free [2012/07/27 20:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/07/27 20:16:39 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys [2012/07/27 20:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012/07/27 20:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012/07/27 20:15:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/07/27 20:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012/07/27 20:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync [2012/07/27 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012/07/27 20:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012/07/27 20:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012/07/27 20:11:48 | 000,000,000 | R--D | C] -- C:\MSOCache [2012/07/27 20:10:32 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Malwarebytes [2012/07/27 20:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/27 20:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/27 20:10:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/07/27 20:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/27 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012/07/27 20:07:13 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Real [2012/07/27 20:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012/07/27 20:05:03 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\WinRAR [2012/07/27 20:05:03 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/07/27 20:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/07/27 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2012/07/27 20:00:26 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Skype [2012/07/27 20:00:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/07/27 20:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/07/27 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/07/27 19:53:16 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Mozilla [2012/07/27 19:53:16 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Mozilla [2012/07/27 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/07/27 19:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/07/27 19:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/07/27 19:52:13 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Opera [2012/07/27 19:52:13 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Opera [2012/07/27 19:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2012/07/27 18:23:27 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Macromedia [2012/07/27 18:23:26 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Adobe [2012/07/27 18:10:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012/07/27 17:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent [2012/07/27 17:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Games [2012/07/27 17:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once [2012/07/27 17:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems [2012/07/27 17:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2012/07/27 17:35:39 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll [2012/07/27 17:35:39 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll [2012/07/27 17:35:39 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll [2012/07/27 17:35:39 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll [2012/07/27 17:35:39 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll [2012/07/27 17:35:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll [2012/07/27 17:35:39 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll [2012/07/27 17:35:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll [2012/07/27 17:35:38 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll [2012/07/27 17:35:38 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll [2012/07/27 17:35:38 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll [2012/07/27 17:35:38 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll [2012/07/27 17:35:38 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll [2012/07/27 17:35:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll [2012/07/27 17:35:38 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll [2012/07/27 17:35:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll [2012/07/27 17:35:38 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll [2012/07/27 17:35:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll [2012/07/27 17:35:38 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll [2012/07/27 17:35:38 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll [2012/07/27 17:35:38 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll [2012/07/27 17:35:38 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll [2012/07/27 17:35:38 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll [2012/07/27 17:35:38 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll [2012/07/27 17:35:37 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll [2012/07/27 17:35:37 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll [2012/07/27 17:35:37 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll [2012/07/27 17:35:37 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll [2012/07/27 17:35:37 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll [2012/07/27 17:35:37 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll [2012/07/27 17:35:37 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll [2012/07/27 17:35:37 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll [2012/07/27 17:35:37 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll [2012/07/27 17:35:37 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
  5. Hi Maurice, During the week I'm not on my computer as much. Things have been working well though Here are the OTL Logs, starting with OTL.Txt: OTL logfile created on: 8/22/2012 8:14:55 PM - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Victor\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 71.10% Memory free 7.60 Gb Paging File | 5.95 Gb Available in Paging File | 78.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452.58 Gb Total Space | 283.07 Gb Free Space | 62.55% Space Free | Partition Type: NTFS Computer Name: VICTOR-PC | User Name: Victor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/22 20:11:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe PRC - [2012/08/21 18:44:02 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012/07/27 20:16:38 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe PRC - [2012/07/27 20:16:37 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/09/03 19:58:23 | 000,115,056 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe PRC - [2010/09/01 00:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/02/24 04:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe PRC - [2003/02/03 20:14:46 | 000,106,496 | ---- | M] (Happy Dude) -- C:\Program Files (x86)\ZMatrix\matrix.exe ========== Modules (No Company Name) ========== MOD - [2012/07/27 20:16:39 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll MOD - [2012/07/27 20:16:37 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2012/07/27 20:16:38 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5) SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 20:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/09/03 19:58:23 | 000,115,056 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/27 20:16:39 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/06/21 20:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) DRV:64bit: - [2010/04/28 03:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce) DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {66CCB4B7-7863-4577-B33D-239DF31FC2A1} IE:64bit: - HKLM\..\SearchScopes\{66CCB4B7-7863-4577-B33D-239DF31FC2A1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {965659D8-9442-4E19-BEA6-9B8C812FBB5B} IE - HKLM\..\SearchScopes\{965659D8-9442-4E19-BEA6-9B8C812FBB5B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/ IE - HKCU\..\SearchScopes,DefaultScope = {197DDC21-4E16-4928-8399-0EC22DF768F0} IE - HKCU\..\SearchScopes\{197DDC21-4E16-4928-8399-0EC22DF768F0}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS494 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={BA404D61-593E-49A5-BCAD-5BD968E0AAEE}&mid=863ffc3fce5847d0ab0cb1a22f153dfb-1f6330eb42dd8974cb1bd46fd9b683e109e7d073〈=en&ds=gf011&pr=sa&d=2012-07-27 20:16:39&v=12.1.0.21&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{965659D8-9442-4E19-BEA6-9B8C812FBB5B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.asiafinest.com" FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7Bcb0ca02d-7115-4e6a-8ed3-4eb5babde760%7D&mid=863ffc3fce5847d0ab0cb1a22f153dfb-1f6330eb42dd8974cb1bd46fd9b683e109e7d073&ds=gf011&v=12.1.0.21〈=en&pr=sa&d=2012-07-27%2020%3A16%3A39&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/27 20:16:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/21 18:44:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 02:17:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/27 19:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Extensions [2012/08/17 10:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\034wfyfp.default\extensions [2012/08/17 10:36:18 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\034wfyfp.default\extensions\btpersonas@brandthunder.com [2012/07/28 02:22:25 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\034wfyfp.default\extensions\m3ffxtbr@mywebsearch.com [2012/08/21 08:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\s1jamnsh.default-1345552746220\extensions [2012/08/16 22:13:05 | 000,001,088 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\034wfyfp.default\searchplugins\dictionarycom.xml [2012/07/27 19:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/27 20:16:46 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.1.0.21 [2012/08/21 18:44:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012/07/30 14:52:39 | 000,046,747 | ---- | M] () (No name found) -- C:\USERS\VICTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\034WFYFP.DEFAULT\EXTENSIONS\{65E41D20-F092-41B7-BB83-C6E8A9AB0F57}.XPI [2012/07/28 18:02:38 | 000,013,069 | ---- | M] () (No name found) -- C:\USERS\VICTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\034WFYFP.DEFAULT\EXTENSIONS\DICTIONARY@COELHONAREDE.COM.XPI [2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/27 20:16:36 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://start.toshiba.com/g/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://start.toshiba.com/g/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/18 11:47:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll () O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" File not found O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [googletalk] C:\Users\Victor\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMatrix.lnk = C:\Program Files (x86)\ZMatrix\matrix.exe (Happy Dude) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O1364bit: - gopher Prefix: missing O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19B60485-C4A3-4538-94A8-EA2FA468DC7C}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
  6. Various people I talked to. A couple months ago I was having problems with blue screens, so I took it in to a local computer shop and they were the first to suggest I avoid having McAfee and Malwarebytes simultaneously on my system. A few weeks later, I had someone reinstall the operating system (Windows 7) from scratch because the problem persisted. He suggested I only reinstall Malwarebytes. After that, I never had any problems until the domainadvisor issue. Anyway, I downloaded MSE as you suggested, and have already run a scan. This is from the FSS log: Farbar Service Scanner Version: 06-08-2012 Ran by Victor (administrator) on 20-08-2012 at 11:55:31 Running from "C:\Users\Victor\Desktop" Microsoft Windows 7 Home Premium (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll". Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-07-27 12:18] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-07-27 12:18] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll [2012-07-27 12:18] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  7. I was told by several computer experts NOT to have both an antivirus program as well as an antispyware program -such as Malwarebytes on my system- at the same time. I used to use McAfee and Malwarebytes, but I was told to uninstall one (and McAfee being the more expensive and less reliable program was the recommended uninstall). At any rate, that was only a few months ago (less than 4 months) that I uninstalled McAfee.
  8. . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\034wfyfp.default\ FF - prefs.js: browser.startup.homepage - www.asiafinest.com FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bcb0ca02d-7115-4e6a-8ed3-4eb5babde760%7D&mid=863ffc3fce5847d0ab0cb1a22f153dfb-1f6330eb42dd8974cb1bd46fd9b683e109e7d073&ds=gf011&v=12.1.0.21〈=en&pr=sa&d=2012-07-27%2020%3A16%3A39&sap=ku&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 avgtp;avgtp;\??\C:\windows\system32\drivers\avgtpx64.sys --> C:\windows\system32\drivers\avgtpx64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-27 655944] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe [2012-7-27 115056] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2012-7-27 126392] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-27 2320920] R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-7-27 830048] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys --> C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?] R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-27 113120] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-08-20 12:07:40 -------- d-----w- C:\Program Files (x86)\ESET 2012-08-18 16:41:10 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-18 16:41:10 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-08-18 15:51:01 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-18 15:35:40 98816 ----a-w- C:\windows\sed.exe 2012-08-18 15:35:40 518144 ----a-w- C:\windows\SWREG.exe 2012-08-18 15:35:40 256000 ----a-w- C:\windows\PEV.exe 2012-08-18 15:35:40 208896 ----a-w- C:\windows\MBR.exe 2012-08-18 15:35:38 -------- d-----w- C:\ComboFix 2012-08-17 14:39:37 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E255035B-85AD-486D-AE2C-1D972030D7D4}\mpengine.dll 2012-08-17 02:27:08 503808 ----a-w- C:\windows\System32\srcore.dll 2012-08-17 02:27:08 43008 ----a-w- C:\windows\SysWow64\srclient.dll 2012-08-17 02:21:51 751104 ----a-w- C:\windows\System32\win32spl.dll 2012-08-17 02:21:51 67584 ----a-w- C:\windows\splwow64.exe 2012-08-17 02:21:51 559104 ----a-w- C:\windows\System32\spoolsv.exe 2012-08-17 02:21:51 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2012-08-17 02:16:22 58880 ----a-w- C:\windows\System32\browcli.dll 2012-08-17 02:16:22 41472 ----a-w- C:\windows\SysWow64\browcli.dll 2012-08-17 02:16:22 136704 ----a-w- C:\windows\System32\browser.dll 2012-08-17 02:16:14 3146752 ----a-w- C:\windows\System32\win32k.sys 2012-08-17 02:16:09 956416 ----a-w- C:\windows\System32\localspl.dll 2012-08-12 15:06:54 16200 ----a-w- C:\windows\stinger.sys 2012-08-12 15:06:03 -------- d-----w- C:\Program Files (x86)\stinger 2012-08-12 13:31:12 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-04 20:44:39 -------- d-----w- C:\Users\Victor\AppData\Roaming\Tific 2012-08-04 20:44:39 -------- d-----w- C:\Users\Victor\AppData\Local\Tific 2012-08-04 04:49:55 -------- d-----w- C:\Users\Victor\AppData\Local\Diagnostics 2012-07-31 12:11:29 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-07-30 15:23:29 82944 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPP9H.DLL 2012-07-30 15:23:29 27648 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPD9H.DLL 2012-07-30 15:22:58 279040 ----a-w- C:\windows\System32\CNMLM9H.DLL 2012-07-30 05:26:11 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-07-30 05:25:59 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2012-07-30 05:25:59 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2012-07-30 00:49:10 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin 2012-07-28 23:53:46 -------- d-----w- C:\Users\Victor\AppData\Roaming\AnvSoft 2012-07-28 23:43:42 -------- d-----w- C:\Program Files (x86)\AnvSoft 2012-07-28 21:44:58 -------- d-----w- C:\Users\Victor\AppData\Roaming\Collaborate 2012-07-28 21:44:48 -------- d-----w- C:\Users\Victor\AppData\Roaming\Blackboard 2012-07-28 21:38:33 -------- d-----w- C:\Users\Victor\AppData\Local\Microsoft Games 2012-07-28 21:04:57 -------- d-----w- C:\Users\Victor\AppData\Local\Macromedia 2012-07-28 20:55:18 -------- d-----w- C:\Users\Victor\AppData\Local\Adobe 2012-07-28 06:41:29 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-07-28 06:41:10 -------- d-----w- C:\ProgramData\WeCareReminder 2012-07-28 06:40:55 -------- d-----w- C:\Program Files (x86)\Funmoods 2012-07-28 04:51:42 -------- d-----w- C:\Users\Victor\AppData\Roaming\.ZMatrix 2012-07-28 04:51:38 -------- d-----w- C:\Program Files (x86)\ZMatrix 2012-07-28 04:50:02 -------- d-----w- C:\ProgramData\blekko toolbars 2012-07-28 04:49:48 -------- d-----w- C:\Users\Victor\AppData\Local\blekkotb_031 2012-07-28 04:49:48 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor 2012-07-28 01:15:03 -------- d-----w- C:\Users\Victor\OPEN ENGLISH 2012-07-28 01:15:03 -------- d-----w- C:\Users\Victor\NEW stuff 2012-07-28 00:26:33 -------- d-----w- C:\Program Files (x86)\DVD Shrink 2012-07-28 00:26:22 -------- d-----w- C:\Program Files (x86)\Oracle 2012-07-28 00:25:25 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-07-28 00:25:25 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-07-28 00:19:54 -------- d-----w- C:\ProgramData\MagicSoftware 2012-07-28 00:19:46 -------- d-----w- C:\Users\Victor\AppData\Local\MagicSoftware 2012-07-28 00:19:45 -------- d-----w- C:\Program Files (x86)\MagicDVDRipper 2012-07-28 00:16:52 -------- d-----w- C:\Users\Victor\AppData\Local\AVG Secure Search 2012-07-28 00:16:46 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-07-28 00:16:46 -------- d-----w- C:\Program Files (x86)\BurnAware Free 2012-07-28 00:16:39 31080 ----a-w- C:\windows\System32\drivers\avgtpx64.sys 2012-07-28 00:16:37 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-07-28 00:16:37 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-07-28 00:15:21 -------- d--h--w- C:\ProgramData\Common Files 2012-07-28 00:14:15 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync 2012-07-28 00:10:32 -------- d-----w- C:\Users\Victor\AppData\Roaming\Malwarebytes 2012-07-28 00:10:24 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-28 00:10:23 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-07-28 00:10:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-28 00:00:22 -------- d-----r- C:\Program Files (x86)\Skype 2012-07-27 23:53:16 -------- d-----w- C:\Users\Victor\AppData\Local\Mozilla 2012-07-27 21:37:28 -------- d-----w- C:\ProgramData\WildTangent 2012-07-27 21:37:28 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games 2012-07-27 21:31:04 35008 ----a-w- C:\windows\System32\drivers\PGEffect.sys 2012-07-27 21:27:30 24576 ----a-w- C:\windows\SysWow64\TSCI.dll 2012-07-27 21:27:30 24576 ----a-w- C:\windows\SysWow64\THCI.dll 2012-07-27 21:26:06 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver 2012-07-27 21:25:58 -------- d-----w- C:\Program Files (x86)\Cisco 2012-07-27 21:24:50 -------- d-----w- C:\windows\SysWow64\Atheros_L1e 2012-07-27 21:24:34 -------- d-----w- C:\Program Files\Synaptics 2012-07-27 21:24:18 8038944 ----a-w- C:\windows\System32\RTSUSTORicon.dll 2012-07-27 21:24:10 8038944 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll 2012-07-27 21:24:10 422432 ----a-w- C:\windows\System32\RtsUStor.dll 2012-07-27 21:24:10 239136 ----a-w- C:\windows\System32\drivers\RtsUStor.sys 2012-07-27 21:24:10 -------- d-----w- C:\Program Files (x86)\Realtek 2012-07-27 21:22:04 -------- d-----w- C:\Program Files\CONEXANT 2012-07-27 21:19:54 540696 ----a-w- C:\windows\System32\drivers\iaStor.sys 2012-07-27 21:16:43 -------- d-----w- C:\Intel 2012-07-27 21:16:13 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2012-07-27 18:46:48 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-07-27 18:44:30 -------- d--h--w- C:\windows\msdownld.tmp 2012-07-27 18:41:50 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64\0200050.03C 2012-07-27 18:41:50 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64 2012-07-27 18:41:49 -------- d-----w- C:\ProgramData\Norton 2012-07-27 18:41:49 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup 2012-07-27 18:41:46 -------- d-----w- C:\ProgramData\NortonInstaller 2012-07-27 18:41:46 -------- d-----w- C:\Program Files (x86)\NortonInstaller 2012-07-27 18:41:39 -------- d-----w- C:\Program Files (x86)\Toshiba Online Backup 2012-07-27 18:41:19 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation 2012-07-27 17:19:44 -------- d-----w- C:\bb09752b29c2c2eb4dcd8ecb 2012-07-27 17:11:53 -------- d-----w- C:\a80f1e2482abe34001 2012-07-27 17:09:42 -------- d-----w- C:\Users\Victor\AppData\Local\WindowsUpdate 2012-07-27 17:08:54 -------- d-----w- C:\Users\Victor\AppData\Local\Google 2012-07-27 17:01:55 -------- d-----w- C:\windows\SysWow64\Wat 2012-07-27 17:01:55 -------- d-----w- C:\windows\System32\Wat 2012-07-27 16:55:34 367104 ----a-w- C:\windows\System32\wcncsvc.dll 2012-07-27 16:55:34 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll 2012-07-27 16:32:22 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll 2012-07-27 16:32:22 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll 2012-07-27 16:32:22 48960 ----a-w- C:\windows\System32\netfxperf.dll 2012-07-27 16:32:22 444752 ----a-w- C:\windows\System32\mscoree.dll 2012-07-27 16:32:22 320352 ----a-w- C:\windows\System32\PresentationHost.exe 2012-07-27 16:32:22 297808 ----a-w- C:\windows\SysWow64\mscoree.dll 2012-07-27 16:32:22 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe 2012-07-27 16:32:22 1942856 ----a-w- C:\windows\System32\dfshim.dll 2012-07-27 16:32:22 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll 2012-07-27 16:32:22 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll 2012-07-27 16:24:38 80896 ----a-w- C:\windows\System32\imagehlp.dll 2012-07-27 16:24:38 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2012-07-27 16:24:38 5120 ----a-w- C:\windows\System32\wmi.dll 2012-07-27 16:24:38 22896 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2012-07-27 16:24:38 220672 ----a-w- C:\windows\System32\wintrust.dll 2012-07-27 16:24:38 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 2012-07-27 16:24:38 158720 ----a-w- C:\windows\SysWow64\imagehlp.dll 2012-07-27 16:21:57 509952 ----a-w- C:\windows\System32\ntshrui.dll 2012-07-27 16:20:02 264192 ----a-w- C:\windows\System32\upnp.dll 2012-07-27 16:20:01 442880 ----a-w- C:\windows\System32\winhttp.dll 2012-07-27 16:20:01 204288 ----a-w- C:\windows\SysWow64\upnp.dll 2012-07-27 16:18:59 3213824 ----a-w- C:\windows\System32\msi.dll 2012-07-27 16:02:23 -------- d-----w- C:\Users\Victor\AppData\Local\TOSHIBA_Corporation 2012-07-27 16:00:17 826368 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-07-27 16:00:17 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-07-27 16:00:17 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-07-27 15:58:37 -------- d-----w- C:\Users\Victor\AppData\Local\Toshiba 2012-07-27 15:57:44 -------- d-----w- C:\Users\Victor\AppData\Local\VirtualStore 2012-07-27 15:57:20 13 --sh--r- C:\windows\System32\drivers\fbd.sys 2012-07-27 15:56:41 2622464 ----a-w- C:\windows\System32\wucltux.dll 2012-07-27 15:56:41 -------- d-----w- C:\Users\Victor\AppData\Roaming\WinBatch 2012-07-27 15:56:20 99840 ----a-w- C:\windows\System32\wudriver.dll 2012-07-27 15:56:00 36864 ----a-w- C:\windows\System32\wuapp.exe 2012-07-27 15:56:00 186752 ----a-w- C:\windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-06-06 05:50:50 2003968 ----a-w- C:\windows\System32\msxml6.dll 2012-06-06 05:50:50 1880064 ----a-w- C:\windows\System32\msxml3.dll 2012-06-06 05:09:46 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-02 05:38:26 95088 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2012-06-02 05:38:24 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-06-02 05:37:45 459216 ----a-w- C:\windows\System32\drivers\cng.sys 2012-06-02 05:27:02 340992 ----a-w- C:\windows\System32\schannel.dll 2012-06-02 05:27:00 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-06-02 04:48:39 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:48:35 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:42:51 96768 ----a-w- C:\windows\SysWow64\sspicli.dll . ============= FINISH: 9:31:35.98 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/27/2012 11:55:34 AM System Uptime: 8/19/2012 12:10:20 PM (21 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 453 GiB total, 287.631 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP20: 8/12/2012 9:07:36 AM - Windows Update RP21: 8/16/2012 10:21:58 PM - Windows Update RP22: 8/17/2012 10:26:53 AM - Windows Update RP23: 8/18/2012 11:07:28 AM - Removed Java 6 Update 17 RP24: 8/18/2012 11:10:38 AM - Removed Adobe Reader X (10.1.3). . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Amazon Links Anti-phishing Domain Advisor Any Video Converter 3.4.0 ASPCA Reminder by We-Care.com v4.1.17.1 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AVG Security Toolbar Bejeweled 2 Deluxe BurnAware Free 5.0.1 Cake Mania - Lights, Camera, Action! Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module D3DX10 DVD Shrink 3.2 ERUNT 1.1j ESET Online Scanner v3 FATE - The Traitor Soul Funmoods Web Search Google Talk (remove only) Google Update Helper Governor of Poker 2 Premium Edition Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Jewel Quest - Heritage Junk Mail filter update Label@Once 1.0 Magic DVD Ripper V7.0.0 Malwarebytes Anti-Malware version 1.62.0.1300 Mesh Runtime Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery P.I. - The London Caper Opera 12.00 Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Polar Bowler RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek USB 2.0 Card Reader Realtek WLAN Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.10 Slingo Supreme Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA Quality Application TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.0 WildTangent Games WildTangent ORB Game Console Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (32-bit) ZMatrix 1.4.8 . ==== Event Viewer Messages From Past Week ======== . 8/19/2012 11:45:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9. 8/18/2012 11:50:53 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 8/18/2012 11:46:22 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/18/2012 11:43:51 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. . ==== End Of File ===========================
  9. Here is the log from the Eset Online Scanner. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial= # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-20 01:17:09 # local_time=2012-08-20 09:17:09 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=5893 16776574 100 94 0 97008424 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=289382 # found=3 # cleaned=3 # scan_time=3654 C:\Qoobox\Quarantine\C\Users\Work\AppData\Local\RivalGaming\RiVAlgaming.dll.vir a variant of Win32/Adware.Gamevance.CG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Work\AppData\Local\RivalGaming\Uninstaller.exe a variant of Win32/Adware.Gamevance.CJ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Work\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C And this is from the DDS tool: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Victor at 9:30:31 on 2012-08-20 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1876 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\windows\system32\igfxext.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\NOTEPAD.EXE C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\splwow64.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.toshiba.com/g/ uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [googletalk] C:\Users\Victor\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\Victor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZMatrix.lnk - C:\Program Files (x86)\ZMatrix\matrix.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\25544454F51424F5F4 : DhcpNameServer = 192.168.42.1 192.168.100.1 8.8.8.8 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\453435 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\74D423 : DhcpNameServer = 200.222.145.86 200.165.132.148 192.168.0.1 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\96E63796768647F577966696F503930303 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 TCP: Interfaces\{19B60485-C4A3-4538-94A8-EA2FA468DC7C} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  10. Hi Maurice, I checked and I'm pretty sure that I copy & pasted everything in the log file. I'm attaching it again though just in case. I had absolutely ZERO problems today, so I'm very hopeful that domainadvisor is gone! Knock on wood.....I must wait longer before I make a final judgement call. ComboFix.txt
  11. Hi Maurice, I did everything from your last message this morning. Here is the C:/Combofix.txt log: ComboFix 12-08-17.03 - Victor 08/18/2012 11:38:09.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2545 [GMT -4:00] Running from: C:\Users\Victor\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\ProgramData\ReadOnlyInstaller.msi C:\ProgramData\uninstaller.exe C:\Users\Work\AppData\Local\RivalGaming\RiVAlgaming.dll ((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 ))))))))))))))))))))))))))))))) It's too early to say if my computer is FINALLY free of domainadvisor, but so far so good
  12. Hi Maurice, As always, thanks for your help. I haven’t had a chance to post in awhile because I normally work during the week, and I’m not on my computer very often until the weekend. I just found your latest instructions though, and followed them. As for whether or not the domainadvisor issue is long gone, I still can’t give you a definitive yes. I thought last Sunday it was gone, as I was no longer being redirected, but my laptop is acting…..funny now. It won’t stay powered on, even though the AC adaptor is plugged in. I’m not experiencing any power surges or problems with my power, and there’s not issue with the laptop batter because I normally don’t keep it in the laptop when it’s plugged into the wall. I never had any problems with my computer suddenly shutting down by itself until I got this virus, so I find it too much of a coincidence to be a power issue/AC adaptor issue. For this reason, I still think it’s a virus issue that’s causing my laptop to suddenly shutdown by itself at random times (literally, it’ll shut down after 10 minutes sometimes, other times it’ll work fine for 5 HOURS before shutting down), but I really don’t know. I could just have enormously bad luck, and the same time I got the domainadvisor virus, my AC adapter could’ve gotten a problem sending power to my laptop. Anyway, here are the latest logs you’ve requested. Thanks again From the Security check: Results of screen317's Security Check version 0.99.44 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.1 Java 6 Update 17 Java 7 Update 5 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader X 10.1.3 Adobe Reader out of Date! Mozilla Firefox (14.0.1) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` From the FSS log: Farbar Service Scanner Version: 06-08-2012 Ran by Victor (administrator) on 16-08-2012 at 22:20:48 Running from "C:\Users\Victor\Desktop" Microsoft Windows 7 Home Premium (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-07-27 12:18] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-07-27 12:18] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll [2012-07-27 12:18] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Here are the two logs created by DDS . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Victor at 22:22:40 on 2012-08-16 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2144 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe C:\windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\taskhost.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\windows\system32\igfxext.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\windows\system32\wuauclt.exe C:\windows\system32\svchost.exe -k defragsvc C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe C:\windows\SysWOW64\notepad.exe C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE C:\windows\splwow64.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\svchost.exe -k SDRSVC C:\windows\system32\vssvc.exe C:\windows\SysWOW64\notepad.exe C:\windows\System32\svchost.exe -k swprv C:\windows\servicing\TrustedInstaller.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\wuauclt.exe C:\windows\system32\SearchFilterHost.exe C:\windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.131.1768.0.exe c:\48e36c7152e01b6f9b\MpMiniSigStub.exe C:\windows\system32\MpSigStub.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.toshiba.com/g/ uDefault_Page_URL = hxxp://start.toshiba.com/g/ uInternet Settings,ProxyOverride = <local> mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RivalGaming Games: {26d675ac-d925-4bbf-a720-62c2aa4a81eb} - C:\Users\Work\AppData\Local\RivalGaming\RivalGaming.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [googletalk] C:\Users\Victor\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe -update plugin mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\25544454F51424F5F4 : DhcpNameServer = 192.168.42.1 192.168.100.1 8.8.8.8 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\453435 : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\74D423 : DhcpNameServer = 200.222.145.86 200.165.132.148 192.168.0.1 TCP: Interfaces\{14EABF20-F0D0-4C39-AEE4-8011AC8DBA70}\96E63796768647F577966696F503930303 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 TCP: Interfaces\{19B60485-C4A3-4538-94A8-EA2FA468DC7C} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RivalGaming Games: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\Work\AppData\Local\RivalGaming\RivalGaming.dll BHO-X64: RivalGaming Games - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\034wfyfp.default\ FF - prefs.js: browser.startup.homepage - www.asiafinest.com FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bcb0ca02d-7115-4e6a-8ed3-4eb5babde760%7D&mid=863ffc3fce5847d0ab0cb1a22f153dfb-1f6330eb42dd8974cb1bd46fd9b683e109e7d073&ds=gf011&v=12.1.0.21〈=en&pr=sa&d=2012-07-27%2020%3A16%3A39&sap=ku&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 avgtp;avgtp;\??\C:\windows\system32\drivers\avgtpx64.sys --> C:\windows\system32\drivers\avgtpx64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-27 655944] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe [2012-7-27 115056] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [2012-7-27 126392] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-27 2320920] R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-7-27 830048] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys --> C:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?] R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-27 113120] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-08-17 02:22:15 -------- d-----w- C:\48e36c7152e01b6f9b 2012-08-12 15:06:54 16200 ----a-w- C:\windows\stinger.sys 2012-08-12 15:06:03 -------- d-----w- C:\Program Files (x86)\stinger 2012-08-12 13:31:12 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-12 13:08:23 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C9113FFC-AE71-4D0D-8BAC-A10EA7A14272}\mpengine.dll 2012-08-04 20:44:39 -------- d-----w- C:\Users\Victor\AppData\Roaming\Tific 2012-08-04 20:44:39 -------- d-----w- C:\Users\Victor\AppData\Local\Tific 2012-08-04 04:49:55 -------- d-----w- C:\Users\Victor\AppData\Local\Diagnostics 2012-07-31 12:11:29 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-07-30 15:23:29 82944 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPP9H.DLL 2012-07-30 15:23:29 27648 ----a-w- C:\windows\System32\Spool\prtprocs\x64\CNMPD9H.DLL 2012-07-30 15:22:58 279040 ----a-w- C:\windows\System32\CNMLM9H.DLL 2012-07-30 05:26:11 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-07-30 05:25:59 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll 2012-07-30 05:25:59 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2012-07-30 00:49:10 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin 2012-07-28 23:53:46 -------- d-----w- C:\Users\Victor\AppData\Roaming\AnvSoft 2012-07-28 23:43:42 -------- d-----w- C:\Program Files (x86)\AnvSoft 2012-07-28 21:44:58 -------- d-----w- C:\Users\Victor\AppData\Roaming\Collaborate 2012-07-28 21:44:48 -------- d-----w- C:\Users\Victor\AppData\Roaming\Blackboard 2012-07-28 21:38:33 -------- d-----w- C:\Users\Victor\AppData\Local\Microsoft Games 2012-07-28 21:04:57 -------- d-----w- C:\Users\Victor\AppData\Local\Macromedia 2012-07-28 21:01:14 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-28 21:01:14 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-07-28 20:55:18 -------- d-----w- C:\Users\Victor\AppData\Local\Adobe 2012-07-28 06:41:29 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-07-28 06:41:12 33958 ----a-w- C:\ProgramData\uninstaller.exe 2012-07-28 06:41:10 -------- d-----w- C:\ProgramData\WeCareReminder 2012-07-28 06:40:55 -------- d-----w- C:\Program Files (x86)\Funmoods 2012-07-28 04:51:42 -------- d-----w- C:\Users\Victor\AppData\Roaming\.ZMatrix 2012-07-28 04:51:38 -------- d-----w- C:\Program Files (x86)\ZMatrix 2012-07-28 04:50:02 -------- d-----w- C:\ProgramData\blekko toolbars 2012-07-28 04:49:48 -------- d-----w- C:\Users\Victor\AppData\Local\blekkotb_031 2012-07-28 04:49:48 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor 2012-07-28 01:15:03 -------- d-----w- C:\Users\Victor\OPEN ENGLISH 2012-07-28 01:15:03 -------- d-----w- C:\Users\Victor\NEW stuff 2012-07-28 00:26:33 -------- d-----w- C:\Program Files (x86)\DVD Shrink 2012-07-28 00:26:22 -------- d-----w- C:\Program Files (x86)\Oracle 2012-07-28 00:25:25 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-07-28 00:25:25 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-07-28 00:19:54 -------- d-----w- C:\ProgramData\MagicSoftware 2012-07-28 00:19:46 -------- d-----w- C:\Users\Victor\AppData\Local\MagicSoftware 2012-07-28 00:19:45 -------- d-----w- C:\Program Files (x86)\MagicDVDRipper 2012-07-28 00:16:52 -------- d-----w- C:\Users\Victor\AppData\Local\AVG Secure Search 2012-07-28 00:16:46 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-07-28 00:16:46 -------- d-----w- C:\Program Files (x86)\BurnAware Free 2012-07-28 00:16:39 31080 ----a-w- C:\windows\System32\drivers\avgtpx64.sys 2012-07-28 00:16:37 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-07-28 00:16:37 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-07-28 00:15:21 -------- d--h--w- C:\ProgramData\Common Files 2012-07-28 00:14:15 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync 2012-07-28 00:10:32 -------- d-----w- C:\Users\Victor\AppData\Roaming\Malwarebytes 2012-07-28 00:10:24 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-28 00:10:23 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-07-28 00:10:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-28 00:00:22 -------- d-----r- C:\Program Files (x86)\Skype 2012-07-27 23:53:16 -------- d-----w- C:\Users\Victor\AppData\Local\Mozilla 2012-07-27 21:37:28 -------- d-----w- C:\ProgramData\WildTangent 2012-07-27 21:37:28 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games 2012-07-27 21:31:04 35008 ----a-w- C:\windows\System32\drivers\PGEffect.sys 2012-07-27 21:27:30 24576 ----a-w- C:\windows\SysWow64\TSCI.dll 2012-07-27 21:27:30 24576 ----a-w- C:\windows\SysWow64\THCI.dll 2012-07-27 21:26:06 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver 2012-07-27 21:25:58 -------- d-----w- C:\Program Files (x86)\Cisco 2012-07-27 21:24:50 -------- d-----w- C:\windows\SysWow64\Atheros_L1e 2012-07-27 21:24:34 -------- d-----w- C:\Program Files\Synaptics 2012-07-27 21:24:18 8038944 ----a-w- C:\windows\System32\RTSUSTORicon.dll 2012-07-27 21:24:10 8038944 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll 2012-07-27 21:24:10 422432 ----a-w- C:\windows\System32\RtsUStor.dll 2012-07-27 21:24:10 239136 ----a-w- C:\windows\System32\drivers\RtsUStor.sys 2012-07-27 21:24:10 -------- d-----w- C:\Program Files (x86)\Realtek 2012-07-27 21:22:04 -------- d-----w- C:\Program Files\CONEXANT 2012-07-27 21:19:54 540696 ----a-w- C:\windows\System32\drivers\iaStor.sys 2012-07-27 21:16:43 -------- d-----w- C:\Intel 2012-07-27 21:16:13 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent 2012-07-27 18:46:48 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-07-27 18:44:30 -------- d--h--w- C:\windows\msdownld.tmp 2012-07-27 18:41:50 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64\0200050.03C 2012-07-27 18:41:50 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64 2012-07-27 18:41:49 -------- d-----w- C:\ProgramData\Norton 2012-07-27 18:41:49 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup 2012-07-27 18:41:46 -------- d-----w- C:\ProgramData\NortonInstaller 2012-07-27 18:41:46 -------- d-----w- C:\Program Files (x86)\NortonInstaller 2012-07-27 18:41:39 -------- d-----w- C:\Program Files (x86)\Toshiba Online Backup 2012-07-27 18:41:19 -------- d-----w- C:\Program Files (x86)\TOSHIBA Corporation 2012-07-27 17:19:44 -------- d-----w- C:\bb09752b29c2c2eb4dcd8ecb 2012-07-27 17:11:53 -------- d-----w- C:\a80f1e2482abe34001 2012-07-27 17:09:42 -------- d-----w- C:\Users\Victor\AppData\Local\WindowsUpdate 2012-07-27 17:08:54 -------- d-----w- C:\Users\Victor\AppData\Local\Google 2012-07-27 17:01:55 -------- d-----w- C:\windows\SysWow64\Wat 2012-07-27 17:01:55 -------- d-----w- C:\windows\System32\Wat 2012-07-27 16:55:34 367104 ----a-w- C:\windows\System32\wcncsvc.dll 2012-07-27 16:55:34 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll 2012-07-27 16:52:27 3147264 ----a-w- C:\windows\System32\win32k.sys 2012-07-27 16:32:22 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll 2012-07-27 16:32:22 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll 2012-07-27 16:32:22 48960 ----a-w- C:\windows\System32\netfxperf.dll 2012-07-27 16:32:22 444752 ----a-w- C:\windows\System32\mscoree.dll 2012-07-27 16:32:22 320352 ----a-w- C:\windows\System32\PresentationHost.exe 2012-07-27 16:32:22 297808 ----a-w- C:\windows\SysWow64\mscoree.dll 2012-07-27 16:32:22 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe 2012-07-27 16:32:22 1942856 ----a-w- C:\windows\System32\dfshim.dll 2012-07-27 16:32:22 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll 2012-07-27 16:32:22 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll 2012-07-27 16:24:38 80896 ----a-w- C:\windows\System32\imagehlp.dll 2012-07-27 16:24:38 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2012-07-27 16:24:38 5120 ----a-w- C:\windows\System32\wmi.dll 2012-07-27 16:24:38 22896 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2012-07-27 16:24:38 220672 ----a-w- C:\windows\System32\wintrust.dll 2012-07-27 16:24:38 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 2012-07-27 16:24:38 158720 ----a-w- C:\windows\SysWow64\imagehlp.dll 2012-07-27 16:21:57 509952 ----a-w- C:\windows\System32\ntshrui.dll 2012-07-27 16:20:02 264192 ----a-w- C:\windows\System32\upnp.dll 2012-07-27 16:20:01 442880 ----a-w- C:\windows\System32\winhttp.dll 2012-07-27 16:20:01 204288 ----a-w- C:\windows\SysWow64\upnp.dll 2012-07-27 16:18:59 3213824 ----a-w- C:\windows\System32\msi.dll 2012-07-27 16:02:23 -------- d-----w- C:\Users\Victor\AppData\Local\TOSHIBA_Corporation 2012-07-27 16:00:17 826368 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-07-27 16:00:17 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-07-27 16:00:17 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-07-27 15:58:37 -------- d-----w- C:\Users\Victor\AppData\Local\Toshiba 2012-07-27 15:57:44 -------- d-----w- C:\Users\Victor\AppData\Local\VirtualStore 2012-07-27 15:57:20 13 --sh--r- C:\windows\System32\drivers\fbd.sys 2012-07-27 15:56:41 2622464 ----a-w- C:\windows\System32\wucltux.dll 2012-07-27 15:56:41 -------- d-----w- C:\Users\Victor\AppData\Roaming\WinBatch 2012-07-27 15:56:20 99840 ----a-w- C:\windows\System32\wudriver.dll 2012-07-27 15:56:00 36864 ----a-w- C:\windows\System32\wuapp.exe 2012-07-27 15:56:00 186752 ----a-w- C:\windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-07-12 14:29:52 4534272 ----a-w- C:\ProgramData\ReadOnlyInstaller.msi 2012-06-06 05:50:50 2003968 ----a-w- C:\windows\System32\msxml6.dll 2012-06-06 05:50:50 1880064 ----a-w- C:\windows\System32\msxml3.dll 2012-06-06 05:09:46 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-02 05:38:26 95088 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2012-06-02 05:38:24 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-06-02 05:37:45 459216 ----a-w- C:\windows\System32\drivers\cng.sys 2012-06-02 05:27:02 340992 ----a-w- C:\windows\System32\schannel.dll 2012-06-02 05:27:00 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-06-02 04:48:39 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:48:35 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:42:51 96768 ----a-w- C:\windows\SysWow64\sspicli.dll . ============= FINISH: 22:24:12.78 =============== And: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/27/2012 11:55:34 AM System Uptime: 8/16/2012 10:09:42 PM (0 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 453 GiB total, 293.176 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP20: 8/12/2012 9:07:36 AM - Windows Update RP21: 8/16/2012 10:21:58 PM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Amazon Links Anti-phishing Domain Advisor Any Video Converter 3.4.0 ASPCA Reminder by We-Care.com v4.1.17.1 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AVG Security Toolbar Bejeweled 2 Deluxe BurnAware Free 5.0.1 Cake Mania - Lights, Camera, Action! Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module D3DX10 DVD Shrink 3.2 ERUNT 1.1j FATE - The Traitor Soul Funmoods Web Search Google Talk (remove only) Google Update Helper Governor of Poker 2 Premium Edition Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 17 Java 7 Update 5 JavaFX 2.1.1 Jewel Quest - Heritage Junk Mail filter update Label@Once 1.0 Magic DVD Ripper V7.0.0 Malwarebytes Anti-Malware version 1.62.0.1300 Mesh Runtime Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Mystery P.I. - The London Caper Opera 12.00 Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Polar Bowler RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek USB 2.0 Card Reader Realtek WLAN Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.10 Slingo Supreme Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA Quality Application TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.0 WildTangent Games WildTangent ORB Game Console Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (32-bit) ZMatrix 1.4.8 . ==== Event Viewer Messages From Past Week ======== . 8/9/2012 3:00:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 8/12/2012 8:58:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 8/12/2012 8:57:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/12/2012 8:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/12/2012 8:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/12/2012 8:57:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/12/2012 8:57:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/12/2012 8:57:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/12/2012 8:57:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/12/2012 8:56:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/12/2012 8:56:53 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File ===========================
  13. Hi Maurice, SystemLook log: SystemLook 30.07.11 by jpshortstuff Log created at 21:17 on 12/08/2012 by Victor Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== filefind ========== Searching for "*TecoService*" No files found. -= EOF =-
  14. Stinger log: McAfee® Labs Stinger™ Version 10.2.0.735 built on Aug 10 2012 Copyright © 2012 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Aug 10 2012. Ready to scan for 4827 viruses, trojans and variants. Scan initiated on Sun Aug 12 11:06:49 2012 Rootkit scan result : Not Scanned Master Boot Record(s):....1 Possibly Infected:.............0 Boot Sector(s):.................1 Possibly Infected: ............0 Number of clean files: 18120 MBAM log: Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.12.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Victor :: VICTOR-PC [administrator] Protection: Enabled 8/12/2012 11:14:11 AM mbam-log-2012-08-12 (11-14-11).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 475952 Time elapsed: 46 minute(s), 25 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) THANKS SO MUCH FOR THE HELP! So far so good. I will post again soon with another report after I've been using my computer for a few hours. Again though, my only concern right now is the Toshiba eco Utility Service, which gives me an error message when I start the computer. But of course, that's not really a big deal
  15. 2 RKreports were created after the last step. I'm posting the most recent RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User: Victor [Admin rights] Mode: Remove -- Date: 08/12/2012 10:36:26 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 8 ¤¤¤ [sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> DELETED [sUSP PATH] RGames Updater.job @ : C:\Users\Work\AppData\Local\RivalGaming\Updater.exe -> DELETED [sUSP PATH] RGames Updater.job @ : C:\Users\Work\AppData\Local\RivalGaming\Updater.exe -> DELETED [sUSP PATH] DesktopVideoPlayer.lnk @Work : C:\Users\Work\AppData\Local\vghd\bin\vghd.exe -> DELETED [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5065GSXN +++++ --- User --- [MBR] f2e70c56f5b165a2ac0e0af253223bfd [bSP] 0013612b643f43c1e16d704f4517ab9c : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt