Browser search links hijacked

Jacee · 11 Jul 2011

I'd like you to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

trie66 · 11 Jul 2011

There were no threats found, so nothing to download.
I attached a screen shot of result.

Thank you,

Jacee · 11 Jul 2011

Let me say this about that ....

Are you in the 'real estate' business?
Have you put these items in your "trusted Zone?
Trusted Zone: mlxchange.com\wpn
Trusted Zone: msn.com\dell
Trusted Zone: realtytools.com
Trusted Zone: Tabshttp://wpn.mlxchange.com/5.1.01.9506/Tools/ImageLink/ImageEditDlg.asp
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: trueforms.com\*
Trusted Zone: trueforms.com\www
Trusted Zone: trueformsonline.com\*
Trusted Zone: trueformsonline.com\www

If you have, please remove them by following this tutorial
Internet Explorer Security Zones - Add or Remove Sites
You shouldn't have anything listed there unless it's your personal Banking account or Windows update.

I would like you to uninstall FreeFixer, RegCure, FixCleaner and TelevisionFanatic.

Next, uninstall Combofix:
Go to Start---> Run Command ---> In the space provided, type ComboFix /u and press the Enter Key.

Now, download ( or run TFC by OldTimer) TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Okay, now ... if you are still being redirected

Download random's system information RSIT
http://images.malwareremoval.com/random/RSIT.exe
It is important that is saved to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

trie66 · 12 Jul 2011

1) yes in the Real Estate business.
2) I removed the url's from the Trusted Zone. Thank you clarifying what should go in the Trusted Zone.
3)Regarding FreeFixer, RegCure, FixCleaner; they do not appear in the Programs and Features so I do not know how else to uninstall them. I thought that I unistalled them a few days ago.
Regarding TelevisionFanatic; when I click to unistall it indicates that there is trouble starting 64bar.dll
4) Can't remove ComboFix. It does not bring up the panel as I found on the ComboFix site. Went out there to see if I could get a better explanation as to why it won't uninstall.

The redirect is still present.

I ran RSIT as instructed and logs are below.
Thank you for your continued support and persistance.

Code:

 
Logfile of random's system information tool 1.09 (written by random/random)
Run by Cathy at 2011-07-12 21:03:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 243 GB (84%) free of 290 GB
Total RAM: 6104 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:03:31 PM, on 7/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Cathy\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Cathy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} (TFLauncherCtrl Class) - https://www.trueformsonline.com/Down...tflauncher.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/5.1.01.9506...l/IRCSharc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.northwood.com/_include/co...eUploader4.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12727 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\wv4gzxua.default
"64ffxtbr@TelevisionFanatic.com"=C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@oberon-media.com/ONCAdapter]
"Description"=Oberon com adapter plugin
"Path"=C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin]
"Description"=TelevisionFanatic Plugin
"Path"=C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}]
Dell Toolbar - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10 253952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]
Search Assistant BHO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-04-26 1007160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]
Toolbar BHO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{09B71986-2AC5-482d-B6CB-42EA34F4F85B} - Dell Toolbar - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10 253952]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"=C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [2010-02-09 1807680]
"PDVDDXSrv"=C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-12-29 140520]
"Dell Webcam Central"=C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-24 409744]
"Desktop Disc Tool"=c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2009-06-18 494064]
"DellSupportCenter"=C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2010-10-01 560128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-02-28 39408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-06-30 2988928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2010-11-20 229376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2011-07-12 21:03:25 ----D---- C:\rsit
2011-07-12 21:03:25 ----D---- C:\Program Files (x86)\trend micro
2011-07-12 20:44:25 ----SD---- C:\32788R22FWJFW
2011-07-12 14:36:04 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-12 14:36:03 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-12 14:36:00 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-12 14:35:44 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-07-12 14:35:44 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-07-12 14:35:44 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-07-12 14:35:44 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-07-12 14:35:44 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-07-12 14:35:42 ----A---- C:\Windows\SysWOW64\user.exe
2011-07-07 21:50:43 ----D---- C:\Users\Cathy\AppData\Roaming\SUPERAntiSpyware.com
2011-07-07 21:33:50 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2011-07-07 21:33:50 ----A---- C:\Windows\avastSS.scr
2011-07-07 21:19:51 ----D---- C:\Windows\temp
2011-07-07 21:19:31 ----A---- C:\ComboFix.txt
2011-07-07 21:18:20 ----SHD---- C:\$RECYCLE.BIN
2011-07-07 20:24:53 ----D---- C:\cComboFix4855c
2011-07-05 22:38:05 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-05 21:11:26 ----A---- C:\Windows\zip.exe
2011-07-05 21:11:26 ----A---- C:\Windows\SWSC.exe
2011-07-05 21:11:26 ----A---- C:\Windows\SWREG.exe
2011-07-05 21:11:26 ----A---- C:\Windows\sed.exe
2011-07-05 21:11:26 ----A---- C:\Windows\PEV.exe
2011-07-05 21:11:26 ----A---- C:\Windows\NIRCMD.exe
2011-07-05 21:11:26 ----A---- C:\Windows\MBR.exe
2011-07-05 21:11:26 ----A---- C:\Windows\grep.exe
2011-07-05 21:10:17 ----D---- C:\cComboFix2785c
2011-07-05 21:07:23 ----D---- C:\cComboFix16726c
2011-07-05 21:05:03 ----D---- C:\Qoobox
2011-07-04 12:53:36 ----D---- C:\Users\Cathy\AppData\Roaming\FreeFixer
2011-07-04 11:20:21 ----A---- C:\Windows\nsreg.dat
2011-07-04 11:20:20 ----D---- C:\Users\Cathy\AppData\Roaming\Mozilla
2011-07-04 11:20:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-03 23:23:04 ----D---- C:\MGtools
2011-07-03 19:08:14 ----D---- C:\ProgramData\RegCure
2011-07-03 18:10:20 ----D---- C:\cComboFix22287c
2011-07-03 18:05:47 ----D---- C:\Users\Cathy\AppData\Roaming\FixCleaner
2011-07-03 18:05:37 ----D---- C:\Program Files (x86)\FixCleaner
2011-07-03 14:03:39 ----D---- C:\Windows\ERDNT
2011-07-03 14:03:30 ----D---- C:\cComboFix
2011-07-02 23:37:22 ----D---- C:\587fdcd6432f26a1a7
2011-07-02 23:32:51 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2011-07-02 15:39:58 ----D---- C:\Users\Cathy\AppData\Roaming\Windows Live Writer
2011-07-02 14:30:43 ----D---- C:\Users\Cathy\AppData\Roaming\Malwarebytes
2011-07-02 14:30:34 ----D---- C:\ProgramData\Malwarebytes
2011-07-02 02:45:48 ----A---- C:\Windows\SysWOW64\dfshim.dll
2011-07-02 02:45:41 ----A---- C:\Windows\SysWOW64\mstscax.dll
2011-07-02 02:45:39 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2011-07-02 02:45:38 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2011-07-02 02:45:38 ----A---- C:\Windows\SysWOW64\mfc40.dll
2011-07-02 02:45:31 ----A---- C:\Windows\SysWOW64\shell32.dll
2011-07-02 02:45:31 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2011-07-02 02:45:30 ----A---- C:\Windows\SysWOW64\secproc.dll
2011-07-02 02:45:30 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2011-07-02 02:45:29 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2011-07-02 02:45:27 ----A---- C:\Windows\SysWOW64\mscoree.dll
2011-07-02 02:45:26 ----A---- C:\Windows\SysWOW64\mf.dll
2011-07-02 02:45:25 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
2011-07-02 02:45:24 ----A---- C:\Windows\SysWOW64\wmp.dll
2011-07-02 02:45:23 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2011-07-02 02:45:23 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2011-07-02 02:45:20 ----A---- C:\Windows\SysWOW64\RacEngn.dll
2011-07-02 02:45:19 ----A---- C:\Windows\SysWOW64\AuthFWSnapin.dll
2011-07-02 02:45:16 ----A---- C:\Windows\SysWOW64\ExplorerFrame.dll
2011-07-02 02:45:15 ----A---- C:\Windows\SysWOW64\ole32.dll
2011-07-02 02:45:13 ----A---- C:\Windows\SysWOW64\vssapi.dll
2011-07-02 02:45:13 ----A---- C:\Windows\SysWOW64\SearchFolder.dll
2011-07-02 02:45:13 ----A---- C:\Windows\SysWOW64\d3d9.dll
2011-07-02 02:45:12 ----A---- C:\Windows\SysWOW64\taskschd.dll
2011-07-02 02:45:11 ----A---- C:\Windows\SysWOW64\mstsc.exe
2011-07-02 02:45:11 ----A---- C:\Windows\SysWOW64\crypt32.dll
2011-07-02 02:45:09 ----A---- C:\Windows\SysWOW64\wer.dll
2011-07-02 02:45:09 ----A---- C:\Windows\SysWOW64\ntdll.dll
2011-07-02 02:45:09 ----A---- C:\Windows\SysWOW64\msxml6.dll
2011-07-02 02:45:09 ----A---- C:\Windows\SysWOW64\certcli.dll
2011-07-02 02:45:08 ----A---- C:\Windows\SysWOW64\dwmcore.dll
2011-07-02 02:45:07 ----A---- C:\Windows\SysWOW64\tcpmonui.dll
2011-07-02 02:45:07 ----A---- C:\Windows\SysWOW64\odbc32.dll
2011-07-02 02:45:07 ----A---- C:\Windows\SysWOW64\mstime.dll
2011-07-02 02:45:06 ----A---- C:\Windows\SysWOW64\TSWorkspace.dll
2011-07-02 02:45:06 ----A---- C:\Windows\SysWOW64\quartz.dll
2011-07-02 02:45:06 ----A---- C:\Windows\SysWOW64\dot3api.dll
2011-07-02 02:45:05 ----A---- C:\Windows\SysWOW64\winhttp.dll
2011-07-02 02:45:05 ----A---- C:\Windows\SysWOW64\tsmf.dll
2011-07-02 02:45:05 ----A---- C:\Windows\SysWOW64\setupapi.dll
2011-07-02 02:45:05 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2011-07-02 02:45:05 ----A---- C:\Windows\SysWOW64\apphelp.dll
2011-07-02 02:45:04 ----A---- C:\Windows\SysWOW64\MSVidCtl.dll
2011-07-02 02:45:04 ----A---- C:\Windows\SysWOW64\dbgeng.dll
2011-07-02 02:45:03 ----A---- C:\Windows\SysWOW64\WindowsCodecs.dll
2011-07-02 02:45:03 ----A---- C:\Windows\SysWOW64\netlogon.dll
2011-07-02 02:45:03 ----A---- C:\Windows\SysWOW64\netcfgx.dll
2011-07-02 02:45:03 ----A---- C:\Windows\SysWOW64\d3d11.dll
2011-07-02 02:45:02 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2011-07-02 02:45:02 ----A---- C:\Windows\SysWOW64\webio.dll
2011-07-02 02:45:01 ----A---- C:\Windows\SysWOW64\WsmSvc.dll
2011-07-02 02:45:01 ----A---- C:\Windows\SysWOW64\upnp.dll
2011-07-02 02:45:01 ----A---- C:\Windows\SysWOW64\schannel.dll
2011-07-02 02:45:01 ----A---- C:\Windows\SysWOW64\Query.dll
2011-07-02 02:45:01 ----A---- C:\Windows\SysWOW64\mmcndmgr.dll
2011-07-02 02:45:01 ----A---- C:\Windows\SysWOW64\DShowRdpFilter.dll
2011-07-02 02:45:01 ----A---- C:\Windows\SysWOW64\advapi32.dll
2011-07-02 02:45:00 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2011-07-02 02:45:00 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2011-07-02 02:45:00 ----A---- C:\Windows\SysWOW64\imapi2fs.dll
2011-07-02 02:44:59 ----A---- C:\Windows\SysWOW64\usp10.dll
2011-07-02 02:44:59 ----A---- C:\Windows\SysWOW64\shlwapi.dll
2011-07-02 02:44:59 ----A---- C:\Windows\SysWOW64\SessEnv.dll
2011-07-02 02:44:59 ----A---- C:\Windows\SysWOW64\PortableDeviceApi.dll
2011-07-02 02:44:59 ----A---- C:\Windows\SysWOW64\msdrm.dll
2011-07-02 02:44:59 ----A---- C:\Windows\SysWOW64\authui.dll
2011-07-02 02:44:58 ----A---- C:\Windows\SysWOW64\mcbuilder.exe
2011-07-02 02:44:58 ----A---- C:\Windows\SysWOW64\certmgr.dll
2011-07-02 02:44:57 ----A---- C:\Windows\SysWOW64\xpsservices.dll
2011-07-02 02:44:57 ----A---- C:\Windows\SysWOW64\WebClnt.dll
2011-07-02 02:44:57 ----A---- C:\Windows\SysWOW64\userenv.dll
2011-07-02 02:44:57 ----A---- C:\Windows\SysWOW64\comdlg32.dll
2011-07-02 02:44:56 ----A---- C:\Windows\SysWOW64\cmd.exe
2011-07-02 02:44:55 ----A---- C:\Windows\SysWOW64\win32spl.dll
2011-07-02 02:44:55 ----A---- C:\Windows\SysWOW64\propsys.dll
2011-07-02 02:44:55 ----A---- C:\Windows\SysWOW64\framedynos.dll
2011-07-02 02:44:54 ----A---- C:\Windows\SysWOW64\Wldap32.dll
2011-07-02 02:44:54 ----A---- C:\Windows\SysWOW64\mfds.dll
2011-07-02 02:44:53 ----A---- C:\Windows\SysWOW64\user32.dll
2011-07-02 02:44:53 ----A---- C:\Windows\SysWOW64\ncsi.dll
2011-07-02 02:44:53 ----A---- C:\Windows\SysWOW64\azroles.dll
2011-07-02 02:44:52 ----A---- C:\Windows\SysWOW64\themeui.dll
2011-07-02 02:44:52 ----A---- C:\Windows\SysWOW64\credui.dll
2011-07-02 02:44:52 ----A---- C:\Windows\splwow64.exe
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\wintrust.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\taskeng.exe
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\spp.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\msxml3.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\mswsock.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\dxgi.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\dhcpcore.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\dbghelp.dll
2011-07-02 02:44:51 ----A---- C:\Windows\SysWOW64\basecsp.dll
2011-07-02 02:44:50 ----A---- C:\Windows\SysWOW64\taskcomp.dll
2011-07-02 02:44:50 ----A---- C:\Windows\SysWOW64\NaturalLanguage6.dll
2011-07-02 02:44:50 ----A---- C:\Windows\SysWOW64\evr.dll
2011-07-02 02:44:49 ----A---- C:\Windows\SysWOW64\WinSATAPI.dll
2011-07-02 02:44:49 ----A---- C:\Windows\SysWOW64\sqlsrv32.dll
2011-07-02 02:44:49 ----A---- C:\Windows\SysWOW64\calc.exe
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\ws2_32.dll
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\UIRibbon.dll
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\sxs.dll
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\stobject.dll
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\netshell.dll
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\gdi32.dll
2011-07-02 02:44:47 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2011-07-02 02:44:46 ----A---- C:\Windows\SysWOW64\prncache.dll
2011-07-02 02:44:46 ----A---- C:\Windows\SysWOW64\comctl32.dll
2011-07-02 02:44:45 ----A---- C:\Windows\SysWOW64\WSDApi.dll
2011-07-02 02:44:45 ----A---- C:\Windows\SysWOW64\wmpeffects.dll
2011-07-02 02:44:45 ----A---- C:\Windows\SysWOW64\rpchttp.dll
2011-07-02 02:44:45 ----A---- C:\Windows\SysWOW64\printui.dll
2011-07-02 02:44:45 ----A---- C:\Windows\SysWOW64\net1.exe
2011-07-02 02:44:45 ----A---- C:\Windows\SysWOW64\msi.dll
2011-07-02 02:44:44 ----A---- C:\Windows\SysWOW64\scansetting.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\wpdshext.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\WMVCORE.DLL
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\wlangpui.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\webservices.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\t2embed.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\QSHVHOST.DLL
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\pnidui.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\MMDevAPI.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\davclnt.dll
2011-07-02 02:44:43 ----A---- C:\Windows\SysWOW64\aaclient.dll
2011-07-02 02:44:42 ----A---- C:\Windows\SysWOW64\wuapi.dll
2011-07-02 02:44:42 ----A---- C:\Windows\SysWOW64\wscapi.dll
2011-07-02 02:44:42 ----A---- C:\Windows\SysWOW64\SyncCenter.dll
2011-07-02 02:44:42 ----A---- C:\Windows\SysWOW64\netdiagfx.dll
2011-07-02 02:44:42 ----A---- C:\Windows\SysWOW64\fde.dll
2011-07-02 02:44:41 ----A---- C:\Windows\SysWOW64\winsta.dll
2011-07-02 02:44:41 ----A---- C:\Windows\SysWOW64\WinSCard.dll
2011-07-02 02:44:41 ----A---- C:\Windows\SysWOW64\rdpcore.dll
2011-07-02 02:44:41 ----A---- C:\Windows\SysWOW64\pla.dll
2011-07-02 02:44:41 ----A---- C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2011-07-02 02:44:41 ----A---- C:\Windows\SysWOW64\msasn1.dll
2011-07-02 02:44:40 ----A---- C:\Windows\SysWOW64\ntshrui.dll
2011-07-02 02:44:40 ----A---- C:\Windows\SysWOW64\imapi2.dll
2011-07-02 02:44:40 ----A---- C:\Windows\SysWOW64\iepeers.dll
2011-07-02 02:44:40 ----A---- C:\Windows\SysWOW64\gameux.dll
2011-07-02 02:44:40 ----A---- C:\Windows\SysWOW64\DXPTaskRingtone.dll
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\WMPEncEn.dll
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\winmm.dll
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\shsvcs.dll
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\onex.dll
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\netiohlp.dll
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\hbaapi.dll
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\autofmt.exe
2011-07-02 02:44:39 ----A---- C:\Windows\SysWOW64\autochk.exe
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\thumbcache.dll
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\samcli.dll
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\regapi.dll
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\proquota.exe
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\msutb.dll
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\msinfo32.exe
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\mimefilt.dll
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\ipsmsnap.dll
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\IPHLPAPI.DLL
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\autoconv.exe
2011-07-02 02:44:38 ----A---- C:\Windows\SysWOW64\AudioSes.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\wcncsvc.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\tcpipcfg.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\srchadmin.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\schtasks.exe
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\QAGENT.DLL
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\powercpl.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\msihnd.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\mscorier.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\framedyn.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\eapphost.dll
2011-07-02 02:44:37 ----A---- C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2011-07-02 02:44:36 ----A---- C:\Windows\SysWOW64\wdc.dll
2011-07-02 02:44:36 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2011-07-02 02:44:36 ----A---- C:\Windows\SysWOW64\scesrv.dll
2011-07-02 02:44:36 ----A---- C:\Windows\SysWOW64\netid.dll
2011-07-02 02:44:36 ----A---- C:\Windows\SysWOW64\actxprxy.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\WMNetMgr.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\wlanpref.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\Vault.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\untfs.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\RpcRtRemote.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\Robocopy.exe
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\rastls.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\nci.dll
2011-07-02 02:44:35 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2011-07-02 02:44:33 ----A---- C:\Windows\SysWOW64\XpsRasterService.dll
2011-07-02 02:44:33 ----A---- C:\Windows\SysWOW64\userinit.exe
2011-07-02 02:44:33 ----A---- C:\Windows\SysWOW64\taskmgr.exe
2011-07-02 02:44:33 ----A---- C:\Windows\SysWOW64\puiobj.dll
2011-07-02 02:44:33 ----A---- C:\Windows\SysWOW64\mtxclu.dll
2011-07-02 02:44:33 ----A---- C:\Windows\SysWOW64\DxpTaskSync.dll
2011-07-02 02:44:33 ----A---- C:\Windows\SysWOW64\Display.dll
2011-07-02 02:44:32 ----A---- C:\Windows\SysWOW64\termmgr.dll
2011-07-02 02:44:32 ----A---- C:\Windows\SysWOW64\eudcedit.exe
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\wiadefui.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\themecpl.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\sppcomapi.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\shsetup.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\SensorsCpl.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\rasppp.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\logoncli.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\FWPUCLNT.DLL
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\FirewallControlPanel.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\dnscmmc.dll
2011-07-02 02:44:31 ----A---- C:\Windows\SysWOW64\cabview.dll
2011-07-02 02:44:30 ----A---- C:\Windows\SysWOW64\PhotoScreensaver.scr
2011-07-02 02:44:30 ----A---- C:\Windows\SysWOW64\hgcpl.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\usercpl.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\tapisrv.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\SndVolSSO.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\scecli.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\PerfCenterCPL.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\mscories.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\mscms.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\mprddm.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\localsec.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\iasacct.dll
2011-07-02 02:44:29 ----A---- C:\Windows\SysWOW64\fontext.dll
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\wlanui.dll
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\w32tm.exe
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\VAN.dll
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\SndVol.exe
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\qedit.dll
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\qdvd.dll
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\prntvpt.dll
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\netcenter.dll
2011-07-02 02:44:28 ----A---- C:\Windows\SysWOW64\batmeter.dll
2011-07-02 02:44:27 ----A---- C:\Windows\SysWOW64\zipfldr.dll
2011-07-02 02:44:27 ----A---- C:\Windows\SysWOW64\spwizeng.dll
2011-07-02 02:44:27 ----A---- C:\Windows\SysWOW64\MSAC3ENC.DLL
2011-07-02 02:44:27 ----A---- C:\Windows\SysWOW64\fdeploy.dll
2011-07-02 02:44:27 ----A---- C:\Windows\SysWOW64\cryptui.dll
2011-07-02 02:44:27 ----A---- C:\Windows\SysWOW64\azroleui.dll
2011-07-02 02:44:27 ----A---- C:\Windows\SysWOW64\accessibilitycpl.dll
2011-07-02 02:44:26 ----A---- C:\Windows\SysWOW64\netjoin.dll
2011-07-02 02:44:26 ----A---- C:\Windows\SysWOW64\adsldp.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\wusa.exe
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\sud.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\prnfldr.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\photowiz.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\OnLineIDCpl.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\networkmap.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\msieftp.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\MediaMetadataHandler.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\Faultrep.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\credssp.dll
2011-07-02 02:44:25 ----A---- C:\Windows\SysWOW64\ActionCenter.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\sisbkup.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\shwebsvc.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\iprtrmgr.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\ifsutil.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\iasrad.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\ftp.exe
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\efscore.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\dot3cfg.dll
2011-07-02 02:44:24 ----A---- C:\Windows\SysWOW64\defaultlocationcpl.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\systemcpl.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\syncui.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\rtutils.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\OobeFldr.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\ntprint.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\ntlanman.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\dskquoui.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\DeviceCenter.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\autoplay.dll
2011-07-02 02:44:23 ----A---- C:\Windows\SysWOW64\ActionCenterCPL.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\wmpsrcwp.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\sethc.exe
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\riched20.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\nshwfp.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\netplwiz.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\NAPHLPR.DLL
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\migisol.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\fms.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\blackbox.dll
2011-07-02 02:44:22 ----A---- C:\Windows\SysWOW64\activeds.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\wlanmsm.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\wavemsp.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\tzutil.exe
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\ReAgent.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\provsvc.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\nshipsec.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\nlaapi.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\msftedit.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\isoburn.exe
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\httpapi.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\dsuiext.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\dot3ui.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\dfrgui.exe
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\cdosys.dll
2011-07-02 02:44:21 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2011-07-02 02:44:20 ----A---- C:\Windows\SysWOW64\wvc.dll
2011-07-02 02:44:20 ----A---- C:\Windows\SysWOW64\wtsapi32.dll
2011-07-02 02:44:20 ----A---- C:\Windows\SysWOW64\wimgapi.dll
2011-07-02 02:44:20 ----A---- C:\Windows\SysWOW64\ocsetup.exe
2011-07-02 02:44:19 ----A---- C:\Windows\twain_32.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\webcheck.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\uxlib.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\twext.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\ssText3d.scr
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\slwga.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\shdocvw.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\setupugc.exe
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\qcap.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\qasf.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\occache.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\msvfw32.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\mstask.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\msrating.dll
2011-07-02 02:44:19 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\WPDShServiceObj.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\wmdrmsdk.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\nslookup.exe
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\msscp.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\imgutil.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\DevicePairingFolder.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\clusapi.dll
2011-07-02 02:44:18 ----A---- C:\Windows\SysWOW64\audiodev.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\wimserv.exe
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\UserAccountControlSettings.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\remotepg.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\rdpencom.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\raschap.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\QUTIL.DLL
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\perfmon.exe
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\olepro32.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\ocsetapi.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\networkexplorer.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\NAPCRYPT.DLL
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\input.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\drmmgrtn.dll
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\diskraid.exe
2011-07-02 02:44:17 ----A---- C:\Windows\SysWOW64\acppage.dll
2011-07-02 02:44:17 ----A---- C:\Windows\bfsvc.exe
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\wpdwcn.dll
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\wmpdxm.dll
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\vpnikeapi.dll
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\vdsbas.dll
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\runonce.exe
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\onexui.dll
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\logagent.exe
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\iTVData.dll
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\inseng.dll
2011-07-02 02:44:16 ----A---- C:\Windows\SysWOW64\dxdiagn.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\wudriver.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\wmpshell.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\wmdrmdev.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\unimdmat.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\sqlcese30.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\shacct.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\rdpd3d.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\msiexec.exe
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\mprapi.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\MFPlay.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\lsmproxy.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\iscsium.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\eapp3hst.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\d3d10level9.dll
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\Bubbles.scr
2011-07-02 02:44:15 ----A---- C:\Windows\SysWOW64\bitsadmin.exe
2011-07-02 02:44:14 ----A---- C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll
2011-07-02 02:44:14 ----A---- C:\Windows\SysWOW64\pdh.dll
2011-07-02 02:44:14 ----A---- C:\Windows\SysWOW64\OpcServices.dll
2011-07-02 02:44:14 ----A---- C:\Windows\SysWOW64\logman.exe
2011-07-02 02:44:14 ----A---- C:\Windows\SysWOW64\cscapi.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\WPDSp.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\WMVSDECD.DLL
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\WMPhoto.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\WMADMOD.DLL
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\wiavideo.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\utildll.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\tsgqec.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\takeown.exe
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\srvcli.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\sqmapi.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\Ribbons.scr
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\QSVRMGMT.DLL
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\PortableDeviceStatus.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\olethk32.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\ncryptui.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\Mystify.scr
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\mapistub.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\mapi32.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\fphc.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\dot3msm.dll
2011-07-02 02:44:13 ----A---- C:\Windows\SysWOW64\avifil32.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\wsnmp32.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\WMSPDMOD.DLL
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\wmdrmnet.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\vfwwdm32.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\sspicli.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\sppinst.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\qdv.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\QCLIPROV.DLL
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\pdhui.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\MuiUnattend.exe
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\msyuv.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\msrle32.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\msnetobj.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\imagehlp.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\EhStorAPI.dll
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\cmstp.exe
2011-07-02 02:44:12 ----A---- C:\Windows\SysWOW64\cca.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\wmpps.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\wkscli.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\syssetup.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\spbcd.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\setupcln.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\resutils.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\relog.exe
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\rastapi.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\netiougc.exe
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\netbtugc.exe
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\mydocs.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\msorcl32.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\itircl.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\iscsicli.exe
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\iasrecst.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\diskpart.exe
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\CertPolEng.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\AzSqlExt.dll
2011-07-02 02:44:11 ----A---- C:\Windows\SysWOW64\amstream.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\wuapp.exe
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\WerFaultSecure.exe
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\tlscsp.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\sppc.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\secur32.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\ReAgentc.exe
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\netutils.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\netapi32.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\muifontsetup.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\mobsync.exe
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\mciqtz32.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\iccvid.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\findstr.exe
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\eappgnui.dll
2011-07-02 02:44:10 ----A---- C:\Windows\SysWOW64\cabinet.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\wups.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\unlodctr.exe
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\UIRibbonRes.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\spopk.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\shimgvw.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\rdprefdrvapi.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\perfts.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\odbcconf.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\msdmo.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\luainstall.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\inetmib1.dll
2011-07-02 02:44:09 ----A---- C:\Windows\SysWOW64\browcli.dll
2011-07-02 02:44:08 ----A---- C:\Windows\SysWOW64\imm32.dll
2011-07-02 02:44:07 ----A---- C:\Windows\SysWOW64\TRAPI.dll
2011-07-02 02:44:07 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2011-07-02 02:44:07 ----A---- C:\Windows\SysWOW64\elsTrans.dll
2011-07-02 02:44:06 ----A---- C:\Windows\SysWOW64\bitsperf.dll
2011-07-02 02:44:05 ----A---- C:\Windows\SysWOW64\wshbth.dll
2011-07-02 02:44:05 ----A---- C:\Windows\SysWOW64\schedcli.dll
2011-07-02 02:44:05 ----A---- C:\Windows\SysWOW64\napdsnap.dll
2011-07-02 02:44:05 ----A---- C:\Windows\SysWOW64\dsauth.dll
2011-07-02 02:44:05 ----A---- C:\Windows\SysWOW64\cscdll.dll
2011-07-02 02:44:03 ----A---- C:\Windows\SysWOW64\wsdchngr.dll
2011-07-02 02:44:03 ----A---- C:\Windows\SysWOW64\sscore.dll
2011-07-02 02:44:03 ----A---- C:\Windows\SysWOW64\shgina.dll
2011-07-02 02:44:03 ----A---- C:\Windows\SysWOW64\riched32.dll
2011-07-02 02:44:01 ----A---- C:\Windows\SysWOW64\wshirda.dll
2011-07-02 02:44:01 ----A---- C:\Windows\SysWOW64\spwmp.dll
2011-07-02 02:44:01 ----A---- C:\Windows\SysWOW64\browseui.dll
2011-07-02 02:44:00 ----A---- C:\Windows\SysWOW64\shunimpl.dll
2011-07-02 02:44:00 ----A---- C:\Windows\SysWOW64\dxmasf.dll
2011-07-02 02:44:00 ----A---- C:\Windows\SysWOW64\C_ISCII.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDUS.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDTURME.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDTUQ.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDTUF.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDTAJIK.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDSG.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDMON.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\kbdlk41a.dll
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDINTEL.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDINHIN.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDGR1.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDGKL.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDGEO.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDCZ1.DLL
2011-07-02 02:43:59 ----A---- C:\Windows\SysWOW64\KBDBLR.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\tzres.dll
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\spwizres.dll
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\pifmgr.dll
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\nlsbres.dll
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDUGHR1.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDSF.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDPO.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDNEPR.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDMAORI.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDLT1.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDINTAM.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDINORI.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDINMAR.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDINKAN.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDINBEN.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDBULG.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\KBDBASH.DLL
2011-07-02 02:43:58 ----A---- C:\Windows\SysWOW64\dpnaddr.dll
2011-07-02 02:43:49 ----A---- C:\Windows\SysWOW64\wdscore.dll
2011-07-02 02:43:49 ----A---- C:\Windows\SysWOW64\PkgMgr.exe
2011-07-02 02:43:43 ----A---- C:\Windows\SysWOW64\drvstore.dll
2011-07-02 02:43:43 ----A---- C:\Windows\SysWOW64\dpx.dll
2011-07-02 02:43:41 ----A---- C:\Windows\SysWOW64\wbemcomn.dll
2011-06-30 18:23:52 ----D---- C:\Windows\en
2011-06-30 18:21:11 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2011-06-30 18:21:11 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2011-06-30 18:21:09 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2011-06-29 19:50:34 ----D---- C:\ProgramData\AVAST Software
2011-06-29 19:14:35 ----A---- C:\Windows\SysWOW64\drvinst.exe
2011-06-29 19:14:35 ----A---- C:\Windows\SysWOW64\devrtl.dll
2011-06-29 19:14:35 ----A---- C:\Windows\SysWOW64\devobj.dll
2011-06-29 19:14:35 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
2011-06-29 19:14:29 ----A---- C:\Windows\SysWOW64\tquery.dll
2011-06-29 19:14:29 ----A---- C:\Windows\SysWOW64\mssrch.dll
2011-06-29 19:14:28 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-06-29 19:14:28 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2011-06-29 19:14:28 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2011-06-29 19:14:28 ----A---- C:\Windows\SysWOW64\mssvp.dll
2011-06-29 19:14:28 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2011-06-29 19:14:28 ----A---- C:\Windows\SysWOW64\mssph.dll
2011-06-29 19:14:27 ----A---- C:\Windows\SysWOW64\msscntrs.dll
2011-06-29 18:43:01 ----D---- C:\48f0b1d1bef8a61d3a
2011-06-16 19:58:04 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-06-16 19:58:02 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-06-16 19:58:02 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2011-06-16 19:58:01 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-06-16 19:58:00 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-06-16 19:57:59 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-06-16 19:57:59 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-06-16 19:57:58 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-06-16 19:57:19 ----A---- C:\Windows\SysWOW64\d3d10_1core.dll
2011-06-16 19:57:19 ----A---- C:\Windows\SysWOW64\d3d10_1.dll
2011-06-16 19:57:10 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2011-06-16 19:57:08 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2011-06-13 22:42:57 ----D---- C:\ProgramData\Big Fish Games
======List of files/folders modified in the last 1 month======
2011-07-12 21:03:32 ----D---- C:\Windows\Prefetch
2011-07-12 21:03:25 ----D---- C:\Program Files (x86)
2011-07-12 20:59:31 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup
2011-07-12 20:52:18 ----D---- C:\Windows\System32
2011-07-12 20:52:17 ----D---- C:\Windows\inf
2011-07-12 20:44:16 ----SHD---- C:\System Volume Information
2011-07-12 20:30:50 ----D---- C:\Windows\winsxs
2011-07-12 20:29:06 ----D---- C:\Windows\SysWOW64
2011-07-12 20:29:03 ----D---- C:\Windows\AppPatch
2011-07-11 19:45:37 ----D---- C:\Windows\Downloaded Program Files
2011-07-10 14:56:07 ----SHD---- C:\Windows\Installer
2011-07-10 14:55:40 ----RD---- C:\Program Files
2011-07-10 14:49:00 ----D---- C:\Program Files (x86)\Common Files
2011-07-08 22:29:07 ----D---- C:\Windows\Tasks
2011-07-07 21:41:12 ----D---- C:\Windows
2011-07-07 21:29:49 ----D---- C:\Program Files (x86)\GamesBar
2011-07-07 21:26:03 ----D---- C:\Windows\SysWOW64\drivers
2011-07-07 21:25:38 ----SD---- C:\Users\Cathy\AppData\Roaming\Microsoft
2011-07-07 21:02:03 ----A---- C:\Windows\system.ini
2011-07-07 20:29:48 ----D---- C:\ProgramData
2011-07-06 22:18:55 ----D---- C:\Windows\Logs
2011-07-05 20:35:11 ----D---- C:\Windows\Minidump
2011-07-05 18:37:26 ----D---- C:\Windows\Microsoft.NET
2011-07-05 18:36:49 ----RSD---- C:\Windows\assembly
2011-07-04 21:20:24 ----D---- C:\Windows\registration
2011-07-04 14:29:24 ----AHD---- C:\ProgramData\TEMP
2011-07-04 00:32:30 ----D---- C:\Windows\rescache
2011-07-03 23:04:04 ----D---- C:\Windows\debug
2011-07-03 22:51:57 ----D---- C:\PerfLogs
2011-07-03 22:48:56 ----SD---- C:\ProgramData\Microsoft
2011-07-03 22:46:10 ----D---- C:\dell
2011-07-03 21:23:13 ----HD---- C:\Program Files (x86)\Windows Portable Devices
2011-07-03 21:23:13 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-07-03 21:23:13 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-07-03 21:23:13 ----D---- C:\Program Files (x86)\Windows Media Player
2011-07-03 21:23:13 ----D---- C:\Program Files (x86)\Windows Mail
2011-07-03 21:23:13 ----D---- C:\Program Files (x86)\Internet Explorer
2011-07-03 21:23:07 ----D---- C:\Windows\servicing
2011-07-03 21:23:06 ----D---- C:\Windows\ehome
2011-07-03 21:23:03 ----D---- C:\Windows\SysWOW64\en-US
2011-07-03 21:23:03 ----D---- C:\Windows\SysWOW64\da-DK
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\wbem
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\sppui
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\Setup
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\oobe
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\migwiz
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\migration
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\manifeststore
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\es-ES
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\en
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\cs-CZ
2011-07-03 21:23:02 ----D---- C:\Windows\SysWOW64\AdvancedInstallers
2011-07-03 21:23:00 ----D---- C:\Windows\SysWOW64\Dism
2011-07-03 21:22:49 ----D---- C:\Windows\PolicyDefinitions
2011-07-03 21:22:34 ----RSD---- C:\Windows\Fonts
2011-07-03 19:34:37 ----A---- C:\Windows\SysWOW64\msclmd.dll
2011-07-03 15:21:06 ----D---- C:\ProgramData\Skype
2011-07-03 15:19:57 ----HD---- C:\ProgramData\Adobe
2011-07-03 11:26:08 ----A---- C:\Windows\ntbtlog.txt
2011-07-02 23:31:52 ----D---- C:\Windows\SoftwareDistribution
2011-07-01 21:56:34 ----D---- C:\Program Files (x86)\Windows Live
2011-06-30 18:22:05 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2011-06-29 23:48:18 ----D---- C:\ProgramData\McAfee
2011-06-29 21:14:37 ----D---- C:\Program Files (x86)\McAfee
2011-06-29 19:05:11 ----D---- C:\Program Files (x86)\Dell DataSafe Online
2011-06-29 19:04:14 ----D---- C:\Windows\AppCompat
2011-06-29 19:04:14 ----D---- C:\Users\Cathy\AppData\Roaming\Xerox
2011-06-29 19:04:14 ----D---- C:\Users\Cathy\AppData\Roaming\ToolkitCMA
2011-06-29 19:04:13 ----D---- C:\Users\Cathy\AppData\Roaming\Skype
2011-06-29 19:04:13 ----D---- C:\Users\Cathy\AppData\Roaming\Roxio
2011-06-29 19:04:13 ----D---- C:\Users\Cathy\AppData\Roaming\Oberon Media
2011-06-29 19:04:13 ----D---- C:\Users\Cathy\AppData\Roaming\Creative
2011-06-29 19:04:07 ----HDC---- C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}
2011-06-29 19:04:07 ----D---- C:\ProgramData\WildTangent
2011-06-29 19:04:06 ----D---- C:\ProgramData\Oberon Media
2011-06-29 19:04:05 ----D---- C:\ProgramData\Microsoft Help
2011-06-29 19:04:05 ----D---- C:\ProgramData\InstallShield
2011-06-29 19:04:05 ----D---- C:\ProgramData\Ezprint
2011-06-29 19:04:05 ----D---- C:\ProgramData\Dl_cats
2011-06-29 19:03:50 ----D---- C:\Program Files (x86)\WildTangent Games
2011-06-29 19:03:50 ----D---- C:\Program Files (x86)\Shockwave.com
2011-06-29 19:03:49 ----D---- C:\Program Files (x86)\Roxio
2011-06-29 19:03:48 ----D---- C:\Program Files (x86)\PopCap Games
2011-06-29 19:03:48 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-06-29 19:03:48 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-06-29 19:03:48 ----D---- C:\Program Files (x86)\Microsoft
2011-06-29 19:03:44 ----D---- C:\Program Files (x86)\Google
2011-06-29 19:03:44 ----D---- C:\Program Files (x86)\Fishdom H2O - Hidden Odyssey
2011-06-29 19:03:32 ----D---- C:\Program Files (x86)\Dell V310-V510 Series
2011-06-29 19:03:31 ----D---- C:\Program Files (x86)\Dell Toolbar
2011-06-29 19:03:28 ----D---- C:\Program Files (x86)\Creative Live! Cam
2011-06-29 19:03:28 ----D---- C:\Program Files (x86)\Creative
2011-06-29 19:03:28 ----D---- C:\Program Files (x86)\Cozi Express
2011-06-29 19:03:28 ----D---- C:\Program Files (x86)\Common Files\SureThing Shared
2011-06-29 19:03:28 ----D---- C:\Program Files (x86)\Common Files\supportsoft
2011-06-29 19:03:28 ----D---- C:\Program Files (x86)\Common Files\Sonic Shared
2011-06-29 19:03:28 ----D---- C:\Program Files (x86)\Common Files\Roxio Shared
2011-06-29 19:03:25 ----D---- C:\Program Files (x86)\Common Files\Reallusion
2011-06-29 19:03:25 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-06-29 19:03:25 ----D---- C:\Program Files (x86)\Common Files\Oberon Media
2011-06-29 19:03:23 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2011-06-29 19:03:23 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2011-06-29 19:03:23 ----D---- C:\Program Files (x86)\Citrix
2011-06-29 19:03:23 ----D---- C:\Program Files (x86)\bfgclient
2011-06-29 19:03:22 ----D---- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
2011-06-29 19:03:21 ----D---- C:\Drivers
2011-06-29 19:02:02 ----D---- C:\Users\Cathy\AppData\Roaming\Adobe
2011-06-29 19:00:19 ----D---- C:\ProgramData\Uninstall
2011-06-29 19:00:19 ----D---- C:\ProgramData\SupportSoft
2011-06-29 19:00:17 ----D---- C:\ProgramData\Roxio
2011-06-29 19:00:08 ----D---- C:\ProgramData\Google
2011-06-29 19:00:07 ----D---- C:\ProgramData\Dell
2011-06-29 19:00:07 ----D---- C:\ProgramData\Cozi
2011-06-29 19:00:05 ----D---- C:\ProgramData\!SASCORE
2011-06-29 18:59:10 ----D---- C:\Program Files (x86)\Windows NT
2011-06-29 18:58:59 ----D---- C:\Program Files (x86)\Windows Defender
2011-06-29 18:58:49 ----D---- C:\Program Files (x86)\WildTangent
2011-06-29 18:58:47 ----D---- C:\Program Files (x86)\TelevisionFanatic
2011-06-29 18:58:35 ----D---- C:\Program Files (x86)\Reveal
2011-06-29 18:58:35 ----D---- C:\Program Files (x86)\Reference Assemblies
2011-06-29 18:58:35 ----D---- C:\Program Files (x86)\RealArcade
2011-06-29 18:58:33 ----D---- C:\Program Files (x86)\MSN Games
2011-06-29 18:58:33 ----D---- C:\Program Files (x86)\MSBuild
2011-06-29 18:58:32 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-06-29 18:58:10 ----D---- C:\Program Files (x86)\Microsoft Office
2011-06-29 18:58:09 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-06-29 18:57:57 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-06-29 18:57:57 ----D---- C:\Program Files (x86)\Intel
2011-06-29 18:57:51 ----D---- C:\Program Files (x86)\Dell
2011-06-29 18:57:49 ----D---- C:\Program Files (x86)\Dell Webcam
2011-06-29 18:57:34 ----D---- C:\Program Files (x86)\Dell Support Center
2011-06-29 18:57:09 ----D---- C:\Program Files (x86)\CyberLink
2011-06-29 18:57:05 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2011-06-29 18:57:05 ----D---- C:\Program Files (x86)\Common Files\System
2011-06-29 18:57:04 ----D---- C:\Program Files (x86)\Common Files\SpeechEngines
2011-06-29 18:56:32 ----D---- C:\Program Files (x86)\Cisco
2011-06-29 18:56:22 ----D---- C:\Program Files (x86)\Absolute Software
2011-06-13 22:43:10 ----D---- C:\BigFishGamesCache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\system32\DRIVERS\Apfiltr.sys []
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys [2009-06-26 65520]
S1 SABKUTIL;SABKUTIL; C:\Windows\SysWOW64\drivers\SABKUTIL.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 dlea_device;dlea_device; C:\Windows\system32\dleacoms.exe [2010-01-07 598696]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [2009-05-21 206064]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [2010-02-25 244736]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [2009-07-16 33280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2010-07-17 16680]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-28 182768]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
-----------------EOF-----------------
 
info.txt logfile of random's system information tool 1.09 2011-07-12 21:03:37
======Uninstall list======
-->"C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Monopoly\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Scrabble\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Virtual Families\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Yahtzee\Uninstall.exe"
-->C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
Bejeweled 2 Deluxe-->C:\Program Files (x86)\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files (x86)\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bejeweled(R) 3-->"C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files (x86)\RealArcade\Installer\installerMain.clf" "C:\Program Files (x86)\RealArcade\Installer\uninstall\am-bejeweledr3.rguninst" "AddRemove"
Bejeweled-->"C:\Program Files (x86)\MSN Games\Bejeweled\Uninstall.exe" "C:\Program Files (x86)\MSN Games\Bejeweled\install.log"
Big Fish Games: Game Manager-->C:\Program Files (x86)\bfgclient\Uninstall.exe
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Cozi-->MsiExec.exe /X{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{2FD3FD50-4D6B-433B-9AB8-83F04675DA44}" "1033" "0"
Dell DataSafe Local Backup - Support Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}\setup.exe" -l0x9 -removeonly
Dell DataSafe Local Backup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -l0x9 -removeonly
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->"C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Toolbar-->regsvr32.exe /s /u "C:\Program Files\Dell Printable Web\toolband.dll"
Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
Fishdom H2O: Hidden Odyssey ™-->"C:\Program Files (x86)\Fishdom H2O - Hidden Odyssey\Uninstall.exe"
GamesBar 2.0.1.78-->C:\Program Files (x86)\GamesBar\uninst.exe
Gardenscapes™-->C:\PROGRA~2\SHOCKW~1.COM\GARDEN~1\UNWISE.EXE C:\PROGRA~2\SHOCKW~1.COM\GARDEN~1\INSTALL.LOG
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoToAssist 8.0.0.514-->C:\Program Files (x86)\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Live! Cam Avatar Creator-->C:\Program Files (x86)\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
LoJack Factory Installer-->MsiExec.exe /X{40F4FF7A-B214-4453-B973-080B09CED019}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 5.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PowerDVD DX-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Burn-->MsiExec.exe /I{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Easy CD and DVD Burning-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Easy CD and DVD Burning-->MsiExec.exe /I{612B5D2E-8084-4102-91DE-24281E4EFB2C}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2523021)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{AA9E4C48-857D-4558-A4F4-343CA7680277}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1033" "0"
Security Update for Microsoft PowerPoint 2010 (KB2519975)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}" "1033" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1033" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1033" "0"
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
TelevisionFanatic-->rundll32 C:\PROGRA~2\TELEVI~2\bar\1.bin\64Bar.dll,O
TrueForms Online 4.6.0.23-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BB4A9F70-FF24-4523-9431-EC8C06BCF9DF}\Setup.exe" -l0x9 
TrueForms Online 4.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BFE13762-BD9B-450B-9098-384461C1202F}\Setup.exe" -l0x9 
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{556146F7-74AE-4E0A-B64F-5B8B93469F61}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B5516874-E926-4BFD-B412-D0E70112F244}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D6CE7280-6EE3-419A-8F47-DB111C040B1B}" "1033" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1033" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2493983)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{309EEC22-83CE-4109-B019-BA9392FAA322}" "1033" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{10B78785-65AE-4FDB-B598-73A8EC8598B0}" "1033" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}" "1033" "0"
Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
WildTangent Games App (Dell Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\dell\Uninstall.exe"
WildTangent Games-->"C:\Program Files (x86)\WildTangent\Dell Games\Uninstall.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
======Hosts File======
127.0.0.1 localhost
======System event log======
Computer Name: Cathy-PC
Event Code: 17
Message: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Record Number: 27711
Source Name: BTHUSB
Time Written: 20101212040728.198148-000
Event Type: Error
User: 
Computer Name: Cathy-PC
Event Code: 4321
Message: The name "MSHOME :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
Record Number: 27701
Source Name: NetBT
Time Written: 20101212035652.654100-000
Event Type: Error
User: 
Computer Name: Cathy-PC
Event Code: 4321
Message: The name "MSHOME :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
Record Number: 27700
Source Name: NetBT
Time Written: 20101212035142.641044-000
Event Type: Error
User: 
Computer Name: Cathy-PC
Event Code: 4321
Message: The name "MSHOME :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
Record Number: 27698
Source Name: NetBT
Time Written: 20101212034632.630053-000
Event Type: Error
User: 
Computer Name: Cathy-PC
Event Code: 1014
Message: Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.
Record Number: 27696
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101212034617.029338-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
=====Application event log=====
Computer Name: Cathy-PC
Event Code: 10010
Message: Application 'C:\Program Files (x86)\Microsoft Office\Options14\OOBESTUB.EXE' (pid 4872) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 1199
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100723000843.673146-000
Event Type: Warning
User: Cathy-PC\Cathy
Computer Name: Cathy-PC
Event Code: 10010
Message: Application 'C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE' (pid 5492) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 1198
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100723000843.673146-000
Event Type: Warning
User: Cathy-PC\Cathy
Computer Name: Cathy-PC
Event Code: 3036
Message: The content source <file:C:/Program Files (x86)/Microsoft Office/Office14/Visio Content/> cannot be accessed.
Context: Windows Application, SystemIndex Catalog
Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)
Record Number: 820
Source Name: Microsoft-Windows-Search
Time Written: 20100723000215.000000-000
Event Type: Warning
User: 
Computer Name: Cathy-PC
Event Code: 80
Message: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Record Number: 748
Source Name: SideBySide
Time Written: 20100722234929.000000-000
Event Type: Error
User: 
Computer Name: Cathy-PC
Event Code: 80
Message: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Record Number: 747
Source Name: SideBySide
Time Written: 20100722234929.000000-000
Event Type: Error
User: 
=====Security event log=====
Computer Name: Cathy-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x269f53
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: TRDESKTOP
Source Network Address: 192.168.1.3
Source Port: 1072
Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 21109
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110113103136.352465-000
Event Type: Audit Success
User: 
Computer Name: Cathy-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x269f3f
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 21108
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110113103136.332465-000
Event Type: Audit Success
User: 
Computer Name: Cathy-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x269f3f
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: TRDESKTOP
Source Network Address: 192.168.1.3
Source Port: 1071
Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 21107
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110113103136.332465-000
Event Type: Audit Success
User: 
Computer Name: Cathy-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x260423
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 21106
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110113102127.541613-000
Event Type: Audit Success
User: 
Computer Name: Cathy-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x260423
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: TRDESKTOP
Source Network Address: 192.168.1.3
Source Port: 1070
Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 21105
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110113102127.541613-000
Event Type: Audit Success
User: 
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Dell\Dell Wireless WLAN Card;c:\Program Files\WIDCOMM\Bluetooth Software;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"RoxioCentral"=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=c:\Program Files (x86)\Common Files\Roxio Shared\
-----------------EOF-----------------

Jacee · 13 Jul 2011

Please download mbr.exe http://www2.gmer.net/mbr/mbr.exe and save it to your root directory, usually C:\ <- (Important!)
Go to Start > Run and type: cmd.exe
press Ok.
At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
press Enter.
A "DOS" box will open and quickly disappear. That is normal.
A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
Copy and paste the results of the mbr.log in your next reply.

trie66 · 13 Jul 2011

Ran mbr as instructed. Included jpg of window.

I did not see a DOS window open and does not look like txt file provided much.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7601
device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

Thanks

Jacee · 14 Jul 2011

Okay, let's do this a different way .... right click on the command prompt, choose to run as Administrator, then copy/paste c:\mbr.exe >>"C:\mbr.log"

trie66 · 14 Jul 2011

I don't get that option from the command prompt. See below. The title bar of the command window indicates Adminstrator.

thanks

Jacee · 15 Jul 2011

Click on the start orb .... then look at the menu. Do you see a 'command prompt' icon? If you do, right click and choose to run as Administrator.
This is what it should look like

trie66 · 18 Jul 2011

I'm back.

Ran as administrator, but with same result. mbr is on my C:\ drive.
Result:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7601
device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

I placed in the System32 directory and got same result.

Thanks,

Browser search links hijacked

ESET Results

More Info

mbr.exe results

MBR Log

mbr log