Browser search links hijacked

trie66 · Jul 4, 2011

1) IE 8 / Google search results, click on any and get redirected to another site.
IE 8 / Bing search results, click on any and get redirected to another site.
Google Chrome, complete a search, click on any and get redirected to another site.
Mozilla / Google search results, click on any and get redirected to another site.
Some times, Avast network shield will alert me to threat adn indicate a Malicious URL has been blocked.
If I enter a URL in the URL text box, I can get to the site.

2) While IE8 is not running, Avast network shield will display a Malicious URL is blocked. Object 64.111.211.158. I open task manager to find IE is not in the Applicaiton window, but is running as a process. I will end the process (2 of them), then approximately 10 minutes later the ieexplore process shows up again and I here the Avast network shield announce Malicious URL is blocked.

3) I have tried many recipes to cure this and have made zero progress. For example, Ran TDS Killer (if found nothing), then Flushed DNS cache, then ran TFC, then ran dds ( i have both files), then ESET (it found nothing).

Please help!

acuk · Jul 5, 2011

Hi i had exact same problem with Avast.
Seems like this is becoming more frequent.
I eventually got rid of this .
The Cure is here .
Malicious URL Blocked.. Annoying problem wont go away.
Hope this helps
acuk

Golden · Jul 5, 2011

Hi,

My suggestion is to follow these instructions posted in a recent security thread by Jacee, once of our Security Experts. In the meantime I'll drop a message to see if Jacee or Corinne (another Security Expert) can help you out with this:

Download DDS from one of these links:

Mirror 1 Mirror 2 Mirror 3

Disable any script blocking protection <LI sab="1806">Right click the dds icon to run the tool as Administrator
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt <--- will be minimized in the task tray
Save both reports to your desktop.

Include the contents of both logs in your next post.

Regards,
Golden

***EDIT : I sent a message to Jacee and Corinne to have a look at this for you.

Jacee · Jul 5, 2011

The URL belongs to United States Isprime Inc
Do you recognize this ISP?
Are you file sharing? (P2P)

trie66 · Jul 5, 2011

Jacee, I don't recognize Isprime. No P2P file sharing.

Golden, Contents of both logs to follow.

Acuk, Checking your link next.

Thanks all.

Code:

DDS (Ver_2011-06-23.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Cathy at 18:02:56 on 2011-07-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6104.4328 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - Search Assistant BHO
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - Toolbar BHO
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: mlxchange.com\wpn
Trusted Zone: msn.com\dell
Trusted Zone: realtytools.com
Trusted Zone: Tabshttp://wpn.mlxchange.com/5.1.01.9506/Tools/ImageLink/ImageEditDlg.asp
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: trueforms.com\*
Trusted Zone: trueforms.com\www
Trusted Zone: trueformsonline.com\*
Trusted Zone: trueformsonline.com\www
DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} - hxxps://www.trueformsonline.com/Downloads/TFLauncher_2/tflauncher.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://wpn.mlxchange.com/5.1.01.9506/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.northwood.com/_include/common/Aurigma/ImageUploader4.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{129FBA54-28F2-4AF0-ABFC-66A7F9BF283A} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{129FBA54-28F2-4AF0-ABFC-66A7F9BF283A}\473757E616D696 : DhcpNameServer = 66.255.85.8 66.255.85.9
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: {5d79f641-c168-40df-a32f-bacea7509e75} - Search Assistant BHO
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - Toolbar BHO
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\wv4gzxua.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cathy\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-5-31 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-3 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-17 705856]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2010-7-25 33448]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-28 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-07-05 17:08:18 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CCDDD30-FFD8-472E-B62C-7A201BB20FA2}\mpengine.dll
2011-07-05 17:02:59 -------- d-----w- C:\Users\Cathy\AppData\Local\{B0998613-16B8-4964-B625-ACCA793D751F}
2011-07-05 02:33:52 -------- d-----w- C:\Users\Cathy\AppData\Local\{7C4C6A61-2D59-4C51-A9C3-8314B8C886C4}
2011-07-04 18:38:39 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-04 17:22:41 864032 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3c2ba3fc9a7a702965c7eeb981442ae190e690dc_cab_12c16fc2\btwdins.exe
2011-07-04 17:15:03 13824 ----a-w- C:\Windows\System32\ffnd.exe
2011-07-04 16:53:36 -------- d-----w- C:\Users\Cathy\AppData\Roaming\FreeFixer
2011-07-04 16:53:36 -------- d-----w- C:\Users\Cathy\AppData\Local\FreeFixer
2011-07-04 16:53:29 -------- d-----w- C:\Program Files\FreeFixer
2011-07-04 14:33:18 -------- d-----w- C:\Users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2}
2011-07-04 03:23:04 -------- d-----w- C:\MGtools
2011-07-04 01:42:51 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
2011-07-04 01:42:51 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
2011-07-04 01:42:50 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2011-07-04 01:42:50 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
2011-07-04 01:42:50 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2011-07-04 01:42:49 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Simply Super Software
2011-07-04 01:42:49 -------- d-----w- C:\ProgramData\Simply Super Software
2011-07-04 01:42:49 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2011-07-03 23:25:15 -------- d-----w- C:\Windows\System32\SPReview
2011-07-03 23:24:29 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-03 23:09:49 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-03 23:08:14 -------- d-----w- C:\ProgramData\RegCure
2011-07-03 22:10:20 -------- d-----w- C:\cComboFix22287c
2011-07-03 22:05:47 -------- d-----w- C:\Users\Cathy\AppData\Roaming\FixCleaner
2011-07-03 22:05:37 -------- d-----w- C:\Program Files (x86)\FixCleaner
2011-07-03 19:35:57 -------- d-----w- C:\Users\Cathy\AppData\Roaming\SUPERAntiSpyware.com
2011-07-03 18:04:43 98816 ----a-w- C:\Windows\sed.exe
2011-07-03 18:04:43 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-03 18:04:43 256000 ----a-w- C:\Windows\PEV.exe
2011-07-03 18:04:43 208896 ----a-w- C:\Windows\MBR.exe
2011-07-03 18:03:30 -------- d-----w- C:\cComboFix
2011-07-03 17:59:57 -------- d-----w- C:\Users\Cathy\AppData\Local\{DB7B3E9F-A9C2-4D30-B421-2D49B1D0FFDE}
2011-07-03 16:51:54 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-03 16:51:53 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-03 16:51:38 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-03 04:07:39 388096 ----a-r- C:\Users\Cathy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-03 04:07:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-03 03:42:49 -------- d-----w- C:\Users\Cathy\AppData\Local\{1C1E32E1-B27D-4C30-87D3-D5BE7EE0996A}
2011-07-03 03:37:22 -------- d-----w- C:\587fdcd6432f26a1a7
2011-07-03 03:36:22 -------- d-----w- C:\Users\Cathy\AppData\Local\{6F22307F-1E91-48CA-978A-F94E157AD1FC}
2011-07-03 03:25:28 -------- d-----w- C:\Users\Cathy\AppData\Local\{7E674969-9B23-4E56-BF88-C6C7D494314F}
2011-07-02 19:39:58 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Windows Live Writer
2011-07-02 19:39:58 -------- d-----w- C:\Users\Cathy\AppData\Local\Windows Live Writer
2011-07-02 18:30:43 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Malwarebytes
2011-07-02 18:30:34 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-02 11:47:52 -------- d-----w- C:\Users\Cathy\AppData\Local\{F5BDBC52-89CF-4F86-A914-688D38CA0AF0}
2011-07-02 06:44:59 933888 ----a-w- C:\Windows\System32\sqlsrv32.dll
2011-07-02 06:43:59 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
2011-07-02 06:42:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-02 06:42:54 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-07-02 06:42:54 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-07-02 06:42:49 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-07-02 06:42:46 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-07-02 06:42:33 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-07-02 06:42:33 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-01 12:19:19 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-01 02:00:53 -------- d-----w- C:\Users\Cathy\AppData\Local\Deployment
2011-07-01 02:00:53 -------- d-----w- C:\Users\Cathy\AppData\Local\Apps
2011-06-30 22:23:52 -------- d-----w- C:\Windows\en
2011-06-30 22:21:11 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-06-30 22:21:11 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-06-30 22:21:09 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-06-30 22:21:09 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-06-30 22:20:37 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ee46193f1cc37730c\InstallManager_WLE_WLE.exe
2011-06-30 22:20:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DSETUP.dll
2011-06-30 22:20:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DXSETUP.exe
2011-06-30 22:20:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\dsetup32.dll
2011-06-30 22:20:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DSETUP.dll
2011-06-30 22:20:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DXSETUP.exe
2011-06-30 22:20:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\dsetup32.dll
2011-06-30 22:20:06 -------- d-----w- C:\Users\Cathy\AppData\Local\Windows Live
2011-06-30 01:27:25 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-29 23:50:34 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-29 23:50:34 -------- d-----w- C:\Program Files\AVAST Software
2011-06-29 22:43:01 -------- d-----w- C:\48f0b1d1bef8a61d3a
2011-06-16 23:57:59 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-16 02:09:34 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 02:44:33 -------- d--h--w- C:\Users\Cathy\AppData\Local\Midnight Synergy
2011-06-14 02:42:57 -------- d-----w- C:\ProgramData\Big Fish Games
.
==================== Find3M  ====================
.
2011-07-03 23:34:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-03 23:34:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 18:11:40.26 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2010 7:21:02 PM
System Uptime: 7/5/2011 5:52:13 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Pentium(R) Dual-Core CPU       T4500  @ 2.30GHz | Microprocessor | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 241.036 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP92: 7/3/2011 7:25:04 PM - Windows 7 Service Pack 1
RP93: 7/4/2011 3:00:11 AM - Windows Update
RP94: 7/4/2011 1:15:39 PM - Windows Update
RP95: 7/4/2011 1:58:05 PM - Windows Update
RP96: 7/5/2011 1:06:22 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Advanced Audio FX Engine
avast! Free Antivirus
Banctec Service Agreement
Bejeweled
Bejeweled 2 Deluxe
Bejeweled(R) 3
Big Fish Games: Game Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cozi
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Toolbar
Dell Webcam Central
DirectXInstallService
EMC 10 Content
ESET Online Scanner v3
Fishdom H2O: Hidden Odyssey ™
FreeFixer
GamesBar 2.0.1.78
Gardenscapes™
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HiJackThis
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Live! Cam Avatar Creator
LoJack Factory Installer
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD DX
RegCure
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Sonic CinePlayer Decoder Pack
TelevisionFanatic
ToolkitCMA
Trojan Remover 6.8.2
TrueForms Online 4.6
TrueForms Online 4.6.0.23
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/5/2011 5:54:08 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/5/2011 5:53:14 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: [EMAIL="D@01010004"]D@01010004[/EMAIL]
7/5/2011 5:53:09 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter SABKUTIL
7/5/2011 5:53:00 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
7/5/2011 5:53:00 PM, Error: Service Control Manager [7000]  - The dleaCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/5/2011 5:49:34 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
7/4/2011 3:01:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2547666).
7/4/2011 2:19:53 PM, Error: Service Control Manager [7034]  - The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).
7/4/2011 1:22:41 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2481121921/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2066051128/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/3/2011 9:31:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/3/2011 6:47:54 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/3/2011 6:45:17 PM, Error: Application Popup [1060]  - \??\C:\cComboFix22287c\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/3/2011 6:04:16 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
7/3/2011 2:42:33 PM, Error: Application Popup [1060]  - \??\C:\cComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/3/2011 11:34:00 AM, Error: Microsoft Antimalware [3002]  - 
7/3/2011 11:30:36 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/3/2011 11:30:36 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/3/2011 11:30:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/3/2011 11:30:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/3/2011 11:30:33 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/3/2011 11:30:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/3/2011 11:27:47 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/3/2011 11:26:08 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/3/2011 11:25:47 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter RxFilter SABKUTIL spldr Wanarpv6
7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The vds service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2011 11:19:04 AM, Error: Service Control Manager [7038]  - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Virtual Disk service failed to start due to the following error:  The service did not start due to a logon failure.
7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not start due to a logon failure.
7/3/2011 11:19:04 AM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
7/3/2011 11:19:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575}
7/3/2011 11:18:07 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
7/3/2011 11:18:07 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.
7/2/2011 9:57:44 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache RxFilter SABKUTIL SASDIFSV SASKUTIL spldr Wanarpv6
7/2/2011 5:35:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/2/2011 2:34:21 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RxFilter SABKUTIL spldr Wanarpv6
7/2/2011 2:26:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache RxFilter SABKUTIL spldr Wanarpv6
7/2/2011 11:54:33 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache MpFilter RxFilter SABKUTIL spldr Wanarpv6
7/2/2011 11:53:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
7/2/2011 11:53:26 PM, Error: Service Control Manager [7000]  - The IPsec Policy Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/2/2011 11:52:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
7/2/2011 11:52:56 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/1/2011 9:55:51 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/1/2011 9:43:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
7/1/2011 8:19:51 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/1/2011 10:48:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
6/30/2011 8:03:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661).
6/30/2011 6:36:54 PM, Error: NetBT [4321]  - The name "MSHOME         :1d" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer.
6/29/2011 9:13:20 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
6/29/2011 7:06:43 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/29/2011 7:05:19 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
6/29/2011 6:53:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/29/2011 6:49:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
6/29/2011 6:45:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache RxFilter SABKUTIL SASDIFSV SASKUTIL spldr Wanarpv6
.
==== End Of File ===========================

Jacee · Jul 6, 2011

First flush the DNS cache and restore MS's Hosts file:

Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

Next, unhide 'hidden files and folders'. From the control panel click on Folder Options, then the "View" tab. Tick 'show hidden objects' and uncheck 'hide extentions for known file types', press "apply" and "okay"

Now, navigate to
C:\Users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2}
upload the data to Jotti's and have it scanned. Save the report and post it back here.
Jotti's malware scan

trie66 · Jul 6, 2011

Ran Flush, No file in directory

Ran Flush.bat, no problem.

There was not a file in the directory you specified.

I attached a .jpg of the settings page and the empty folder.

Thanks,

Jacee · Jul 6, 2011

Tell me if you're still getting re-directed with a Bing Search or a Google search

trie66 · Jul 7, 2011

Links still redirected

Still getting redirected with Bing and Google search.

Jacee · Jul 7, 2011

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Right click (to run as Administrator) combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt

trie66 · Jul 7, 2011

Combofix.txt

Here you go, thanks

ComboFix 11-07-05.03 - Cathy 07/07/2011 20:31:09.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6104.4402 [GMT -4:00]
Running from: c:\users\Cathy\Desktop\cComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-08 01:00 . 2011-07-08 01:00 -------- d-----w- c:\users\Tim\AppData\Local\temp
2011-07-08 01:00 . 2011-07-08 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-08 00:22 . 2011-07-08 00:22 -------- d-----w- c:\users\Cathy\AppData\Local\{9C2D6791-BD13-4EE6-A3F8-73E50855F916}
2011-07-08 00:17 . 2011-07-08 00:18 -------- d-----w- c:\users\Cathy\AppData\Local\{2FCE3EF1-C33B-44F8-ABD6-7BD2C859D123}
2011-07-08 00:17 . 2011-07-08 00:17 -------- d-----w- c:\users\Cathy\AppData\Local\{0EC43B72-FAC5-4BDD-95F4-FAD9B422C51F}
2011-07-06 23:07 . 2011-07-06 23:07 -------- d-----w- c:\users\Tim\AppData\Roaming\Xerox
2011-07-06 23:04 . 2011-07-06 23:04 -------- d-----w- c:\users\Tim\AppData\Local\DataSafeOnline
2011-07-06 22:41 . 2011-07-06 22:41 -------- d-----w- c:\users\Cathy\AppData\Local\{A2EEB8D2-B4FB-402B-A4AD-68A09135CE3E}
2011-07-06 10:40 . 2011-07-06 10:40 -------- d-----w- c:\users\Cathy\AppData\Local\{09B1B58C-F592-41E3-B1DA-D0AF88055620}
2011-07-06 02:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 02:38 . 2011-07-06 02:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:42 . 2011-07-07 02:04 -------- d-----w- C:\## aswSnx private storage
2011-07-05 17:08 . 2011-06-20 12:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CCDDD30-FFD8-472E-B62C-7A201BB20FA2}\mpengine.dll
2011-07-05 17:02 . 2011-07-05 17:03 -------- d-----w- c:\users\Cathy\AppData\Local\{B0998613-16B8-4964-B625-ACCA793D751F}
2011-07-05 02:33 . 2011-07-05 02:34 -------- d-----w- c:\users\Cathy\AppData\Local\{7C4C6A61-2D59-4C51-A9C3-8314B8C886C4}
2011-07-04 18:38 . 2011-07-04 18:38 -------- d-----w- c:\program files (x86)\ESET
2011-07-04 17:22 . 2009-07-01 23:54 864032 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_3c2ba3fc9a7a702965c7eeb981442ae190e690dc_cab_12c16fc2\btwdins.exe
2011-07-04 17:15 . 2010-03-08 10:10 13824 ----a-w- c:\windows\system32\ffnd.exe
2011-07-04 16:53 . 2011-07-04 17:15 -------- d-----w- c:\users\Cathy\AppData\Roaming\FreeFixer
2011-07-04 16:53 . 2011-07-04 16:53 -------- d-----w- c:\users\Cathy\AppData\Local\FreeFixer
2011-07-04 16:53 . 2011-07-07 02:02 -------- d-----w- c:\program files\FreeFixer
2011-07-04 15:20 . 2011-07-04 15:20 -------- d-----w- c:\users\Cathy\AppData\Local\Mozilla
2011-07-04 14:33 . 2011-07-04 14:33 -------- d-----w- c:\users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2}
2011-07-04 03:23 . 2011-07-04 15:11 -------- d-----w- C:\MGtools
2011-07-03 23:25 . 2011-07-03 23:25 -------- d-----w- c:\windows\system32\SPReview
2011-07-03 23:24 . 2011-07-03 23:24 -------- d-----w- c:\windows\system32\EventProviders
2011-07-03 23:08 . 2011-07-03 23:11 -------- d-----w- c:\programdata\RegCure
2011-07-03 23:08 . 2011-07-03 23:10 -------- d-----w- c:\program files (x86)\RegCure
2011-07-03 22:05 . 2011-07-03 23:16 -------- d-----w- c:\users\Cathy\AppData\Roaming\FixCleaner
2011-07-03 22:05 . 2011-07-03 23:18 -------- d-----w- c:\program files (x86)\FixCleaner
2011-07-03 18:03 . 2011-07-03 19:07 -------- d-----w- C:\cComboFix
2011-07-03 17:59 . 2011-07-03 18:00 -------- d-----w- c:\users\Cathy\AppData\Local\{DB7B3E9F-A9C2-4D30-B421-2D49B1D0FFDE}
2011-07-03 04:07 . 2011-07-03 04:07 388096 ----a-r- c:\users\Cathy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-03 04:07 . 2011-07-03 04:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-03 03:42 . 2011-07-03 03:43 -------- d-----w- c:\users\Cathy\AppData\Local\{1C1E32E1-B27D-4C30-87D3-D5BE7EE0996A}
2011-07-03 03:37 . 2011-07-03 03:37 -------- d-----w- C:\587fdcd6432f26a1a7
2011-07-03 03:36 . 2011-07-03 03:36 -------- d-----w- c:\users\Cathy\AppData\Local\{6F22307F-1E91-48CA-978A-F94E157AD1FC}
2011-07-03 03:25 . 2011-07-03 03:25 -------- d-----w- c:\users\Cathy\AppData\Local\{7E674969-9B23-4E56-BF88-C6C7D494314F}
2011-07-02 19:39 . 2011-07-04 15:31 -------- d-----w- c:\users\Cathy\AppData\Local\Windows Live Writer
2011-07-02 19:39 . 2011-07-02 19:39 -------- d-----w- c:\users\Cathy\AppData\Roaming\Windows Live Writer
2011-07-02 18:30 . 2011-07-02 18:30 -------- d-----w- c:\users\Cathy\AppData\Roaming\Malwarebytes
2011-07-02 18:30 . 2011-07-02 18:30 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 11:47 . 2011-07-02 11:48 -------- d-----w- c:\users\Cathy\AppData\Local\{F5BDBC52-89CF-4F86-A914-688D38CA0AF0}
2011-07-02 06:44 . 2010-11-20 13:34 295808 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-07-02 06:43 . 2010-11-20 13:16 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-02 06:42 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-07-02 06:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-02 06:42 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-07-02 06:42 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-07-02 06:42 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-07-02 06:42 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-07-02 06:42 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-07-01 02:00 . 2011-07-01 02:01 -------- d-----w- c:\users\Cathy\AppData\Local\Deployment
2011-07-01 02:00 . 2011-07-01 02:00 -------- d-----w- c:\users\Cathy\AppData\Local\Apps
2011-06-30 22:23 . 2011-06-30 22:23 -------- d-----w- c:\windows\en
2011-06-30 22:22 . 2011-06-30 22:22 -------- d-----w- c:\program files\Windows Live
2011-06-30 22:21 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-06-30 22:21 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-06-30 22:21 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-06-30 22:21 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-30 22:20 . 2011-06-30 22:20 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee46193f1cc37730c\InstallManager_WLE_WLE.exe
2011-06-30 22:20 . 2011-06-30 22:20 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DSETUP.dll
2011-06-30 22:20 . 2011-06-30 22:20 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\DXSETUP.exe
2011-06-30 22:20 . 2011-06-30 22:20 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ea9bfb351cc37730a\dsetup32.dll
2011-06-30 22:20 . 2011-06-30 22:20 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DSETUP.dll
2011-06-30 22:20 . 2011-06-30 22:20 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\DXSETUP.exe
2011-06-30 22:20 . 2011-06-30 22:20 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e91ad9391cc377309\dsetup32.dll
2011-06-30 22:20 . 2011-07-08 00:17 -------- d-----w- c:\users\Cathy\AppData\Local\Windows Live
2011-06-30 01:27 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-29 23:50 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-29 23:50 . 2011-07-08 00:20 -------- d-----w- c:\programdata\AVAST Software
2011-06-29 23:50 . 2011-06-29 23:50 -------- d-----w- c:\program files\AVAST Software
2011-06-29 22:43 . 2011-06-29 23:03 -------- d-----w- C:\48f0b1d1bef8a61d3a
2011-06-16 23:57 . 2011-04-29 04:57 189952 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2011-06-16 02:09 . 2011-06-16 02:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 02:44 . 2011-06-14 02:44 -------- d--h--w- c:\users\Cathy\AppData\Local\Midnight Synergy
2011-06-14 02:42 . 2011-06-29 23:00 -------- d-----w- c:\programdata\Big Fish Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 15:11 . 2011-07-04 14:56 131887 ----a-w- C:\MGlogs.zip
2011-07-03 23:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-03 23:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-30 22:22 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-22 22:15 . 2011-05-25 13:48 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 07:02 . 2011-05-11 11:27 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-25 13:48 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 11:27 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 11:27 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-25 13:48 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-06_01.51.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-06 00:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-08 00:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-06 00:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-08 00:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-06 00:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-08 00:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-17 22:40 . 2011-07-08 00:23 45040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-08 00:23 40262 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-24 03:18 . 2011-07-08 00:23 10936 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1004034769-3964568363-3058316472-1000_UserData.bin
+ 2010-07-22 16:01 . 2011-07-07 13:49 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-22 16:01 . 2011-07-05 20:55 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-22 16:01 . 2011-07-05 20:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-22 16:01 . 2011-07-07 13:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-05 20:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-07 13:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-22 23:40 . 2011-07-06 00:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-22 23:40 . 2011-07-08 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-29 16:30 . 2011-07-06 00:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-29 16:30 . 2011-07-08 00:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-29 16:30 . 2011-07-08 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-06-29 16:30 . 2011-07-06 00:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-06-29 16:30 . 2011-07-08 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-06-29 16:30 . 2011-07-06 00:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-07-22 23:40 . 2011-07-08 00:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-22 23:40 . 2011-07-06 00:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-22 23:40 . 2011-07-06 00:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-22 23:40 . 2011-07-08 00:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-22 23:50 . 2011-07-06 01:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-22 23:50 . 2011-07-08 00:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-22 23:50 . 2011-07-06 01:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-22 23:50 . 2011-07-08 00:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-17 22:27 . 2011-07-08 00:21 1792 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-07-17 22:27 . 2011-07-06 00:38 1792 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-07-08 00:21 . 2011-07-08 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-06 00:38 . 2011-07-06 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-08 00:21 . 2011-07-08 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-06 00:38 . 2011-07-06 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-23 12:36 . 2011-07-08 00:01 272864 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-07-08 00:27 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-06 00:43 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-06 00:43 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-08 00:27 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-07-06 00:38 352636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-08 00:21 352636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-07 01:55 . 2011-07-07 01:55 353404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1004034769-3964568363-3058316472-1003-12288.dat
+ 2011-07-04 17:16 . 2011-07-08 00:21 523568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1004034769-3964568363-3058316472-1000-12288.dat
- 2010-12-22 22:25 . 2011-07-04 14:53 3431532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1004034769-3964568363-3058316472-1000-8192.dat
+ 2010-12-22 22:25 . 2011-07-06 22:35 3431532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1004034769-3964568363-3058316472-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-01 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-10-02 560128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SABKUTIL;SABKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 03:12]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-01 03:12]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000Core.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 19:10]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000UA.job
- c:\users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 19:10]
.
2011-07-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-07-07 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mlxchange.com\wpn
Trusted Zone: msn.com\dell
Trusted Zone: realtytools.com
Trusted Zone: Tabshttp://wpn.mlxchange.com/5.1.01.9506/Tools/ImageLink/ImageEditDlg.asp
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: trueforms.com\*
Trusted Zone: trueforms.com\www
Trusted Zone: trueformsonline.com\*
Trusted Zone: trueformsonline.com\www
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {61BB6943-A0FF-4637-AA85-47290BDE178E} - hxxps://www.trueformsonline.com/Downloads/TFLauncher_2/tflauncher.dll
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://wpn.mlxchange.com/5.1.01.9506/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\wv4gzxua.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{5d79f641-c168-40df-a32f-bacea7509e75} - (no file)
BHO-{cb41fc95-f1b3-4797-8bb6-1012ff62abba} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-07 21:19:14
ComboFix-quarantined-files.txt 2011-07-08 01:19
.
Pre-Run: 254,562,541,568 bytes free
Post-Run: 254,204,764,160 bytes free
.
- - End Of File - - 907867846FE075AAB39352ECB4A7C5A5

Jacee · Jul 8, 2011

What was the reason you installed RegCure? Please uninstall this program.
Next, boot into safe mode and delete the folder. Reboot normally.

Give me a bit more time to look this over ... not a whole lot is showing here, and certainly not for a re-direct

Jacee · Jul 8, 2011

I see you are posting here too, and Gringo is helping you.

Please post in only one forum, as we can all get terribly confused when you follow two helpers on two different forums.

IE8 and Google Chrome Redirect

trie66 · Jul 8, 2011

I apologize for the Confusion

My apologies, I posted there first and had not heard anything so I went searching for others to help. I gave up checking that forum when this dialog began. I will apologize to Gringo and would like to hear what else you have to say.

I plan to stick with this forum.

Jacee · Jul 9, 2011

Download OTS to your Desktop and double-click on it to run it

Make sure you close all other programs and don't use the PC while the scan runs.
Select All Users
Under additional scans select the following

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
When the scan is complete Notepad will open with the report file loaded in it.
Please attach the log in your next post.

trie66 · Jul 9, 2011

OTS Log

OTS Log is attached, thanks
I was connected to the internet if it matters, will run again, not connected if it makes a difference.

Jacee · Jul 9, 2011

Please disconnect from the Internet and also disconnect from your modem.. I'm having a problem reviewing the .txt log
Run the scan again.

Vgolfmaster · Jul 10, 2011

Here is the .txt log that was posted, it opened fine for me.

-------------------------------------------

Code:

OTS logfile created on: 7/9/2011 9:04:03 PM - Run 1
OTS by OldTimer - Version 3.1.44.0     Folder = C:\Users\Cathy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 234.43 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.78 Gb Free Space | 41.57% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CATHY-PC
Current User Name: Cathy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Cathy\Desktop\OTS.exe -> [2011/07/09 20:57:24 | 000,645,120 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe -> [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software)
dsupd.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe -> [2011/01/13 15:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell)
toaster.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe -> [2011/01/13 15:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell)
stservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe -> [2011/01/13 15:39:32 | 000,783,680 | ---- | M] ()
sftservice.exe -> C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -> [2011/01/13 15:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS)
datasafeonline.exe -> C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe -> [2010/02/09 14:34:00 | 001,807,680 | ---- | M] ()
ezprint.exe -> C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe -> [2010/01/18 13:13:32 | 000,139,944 | ---- | M] ()
dleamon.exe -> C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe -> [2010/01/18 13:13:28 | 000,770,728 | ---- | M] ()
pdvddxsrv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.)
roxioburnlauncher.exe -> C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe -> [2009/06/18 22:46:24 | 000,494,064 | ---- | M] ()
docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation)
iaanotif.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
sprtsvc.exe -> C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -> [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
sprtcmd.exe -> C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe -> [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
 
[Modules - Safe List]
ots.exe -> C:\Users\Cathy\Desktop\OTS.exe -> [2011/07/09 20:57:24 | 000,645,120 | ---- | M] (OldTimer Tools)
snxhk.dll -> C:\Program Files\AVAST Software\Avast\snxhk.dll -> [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(avast! Antivirus)  [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software)
64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com)
64bit-(STacSV)  [Auto | Running] -> C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -> [2010/02/25 14:03:00 | 000,244,736 | ---- | M] (IDT, Inc.)
64bit-(dlea_device)  [Auto | Running] -> C:\Windows\SysNative\dleacoms.exe -> [2010/01/07 17:09:38 | 001,052,328 | ---- | M] ( )
64bit-(dleaCATSCustConnectService)  [Auto | Stopped] -> C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe -> [2010/01/07 17:09:33 | 000,033,448 | ---- | M] ()
64bit-(wltrysvc)  [Auto | Running] -> C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -> [2009/07/16 21:06:22 | 000,033,280 | ---- | M] ()
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(btwdins)  [Auto | Running] -> c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -> [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.)
64bit-(DockLoginService)  [Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation)
64bit-(AESTFilters)  [Auto | Running] -> C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -> [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation)
(SftService) SoftThinks Agent Service [Auto | Running] -> C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -> [2011/01/13 15:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS)
(GamesAppService) GamesAppService [On_Demand | Stopped] -> C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -> [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -> [2010/07/17 18:16:04 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(dlea_device) dlea_device [Auto | Running] -> C:\Windows\SysWow64\dleacoms.exe -> [2010/01/07 17:09:23 | 000,598,696 | ---- | M] ( )
(RoxMediaDB10) RoxMediaDB10 [On_Demand | Stopped] -> c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -> [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
(sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) [Auto | Running] -> C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -> [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
 
[Driver Services - Safe List]
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(ApfiltrService) Alps Touch Pad Filter Driver for Windows x64 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Apfiltr.sys -> [2010/04/15 17:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.)
64bit-(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\stwrt64.sys -> [2010/02/25 14:03:00 | 000,505,856 | ---- | M] (IDT, Inc.)
64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009/11/06 11:05:32 | 007,370,304 | ---- | M] (Intel Corporation)
64bit-(btwrchid) btwrchid [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwrchid.sys -> [2009/08/04 20:28:36 | 000,021,160 | ---- | M] (Broadcom Corporation.)
64bit-(btwavdt) Bluetooth AVDT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwavdt.sys -> [2009/08/04 20:28:32 | 000,132,648 | ---- | M] (Broadcom Corporation.)
64bit-(btwaudio) Bluetooth Audio Device Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwaudio.sys -> [2009/08/04 20:28:32 | 000,098,344 | ---- | M] (Broadcom Corporation.)
64bit-(btwl2cap) Bluetooth L2CAP Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwl2cap.sys -> [2009/08/04 20:28:32 | 000,035,104 | ---- | M] (Broadcom Corporation.)
64bit-(BCM42RLY) BCM42RLY [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\bcm42rly.sys -> [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation)
64bit-(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\BCMWL664.SYS -> [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PxHlpa64.sys -> [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions)
64bit-(CtClsFlt) Creative Camera Class Upper Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CtClsFlt.sys -> [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009/06/10 16:38:56 | 000,000,308 | ---- | M] ()
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation)
64bit-(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\yk62x64.sys -> [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell)
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WimFltr.sys -> [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation)
(RxFilter) RxFilter [File_System | System | Stopped] -> C:\Windows\SysWOW64\drivers\RxFilter.sys -> [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\] > -> -> 
HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\: Main\\"Start Page" -> about:blank -> 
HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Cathy\AppData\Roaming\Mozilla\FireFox\Profiles\wv4gzxua.default\prefs.js -> 
network.proxy.type -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [C:\PROGRAM FILES (X86)\TELEVISIONFANATIC\BAR\1.BIN] -> [2011/07/01 23:55:42 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/07/07 21:41:13 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 5.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/07/04 11:20:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Cathy\AppData\Roaming\Mozilla\Extensions -> [2011/07/04 11:20:30 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/07/04 11:20:14 | 000,000,000 | ---D | M]
No name found ->  -> File not found
TelevisionFanatic -> C:\PROGRAM FILES (X86)\TELEVISIONFANATIC\BAR\1.BIN -> [2011/07/01 23:55:42 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/07/06 21:54:59 | 000,000,021 | RHS- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1 localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2011/07/04 07:43:43 | 000,978,496 | ---- | M] (AVAST Software)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll [Google Toolbar Notifier BHO] -> [2011/04/26 19:37:11 | 000,341,048 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{09B71986-2AC5-482d-B6CB-42EA34F4F85B} [HKLM] -> C:\Program Files\Dell Printable Web\toolband.dll [Dell Toolbar] -> [2008/12/10 05:10:06 | 000,253,952 | ---- | M] ()
{5d79f641-c168-40df-a32f-bacea7509e75} [HKLM] -> Reg Error: Key error. [Search Assistant BHO] -> File not found
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/07/04 07:43:50 | 000,820,864 | ---- | M] (AVAST Software)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [Google Toolbar Notifier BHO] -> [2011/04/26 19:37:11 | 001,007,160 | ---- | M] (Google Inc.)
{cb41fc95-f1b3-4797-8bb6-1012ff62abba} [HKLM] -> Reg Error: Key error. [Toolbar BHO] -> File not found
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [avast! WebRep] -> [2011/07/04 07:43:43 | 000,978,496 | ---- | M] (AVAST Software)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" [HKLM] -> C:\Program Files\Dell Printable Web\toolband.dll [Dell Toolbar] -> [2008/12/10 05:10:06 | 000,253,952 | ---- | M] ()
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/07/04 07:43:50 | 000,820,864 | ---- | M] (AVAST Software)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2010/04/05 20:46:28 | 000,384,296 | ---- | M] (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI" -> C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe] -> [2009/07/16 21:06:22 | 004,968,960 | ---- | M] (Dell Inc.)
"dleamon.exe" -> C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ["C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"] -> [2010/01/18 13:13:28 | 000,770,728 | ---- | M] ()
"EzPrint" -> C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ["C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"] -> [2010/01/18 13:13:32 | 000,139,944 | ---- | M] ()
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2010/02/21 18:35:20 | 000,387,608 | ---- | M] (Intel Corporation)
"IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2010/02/21 18:35:30 | 000,165,912 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2010/02/21 18:35:26 | 000,365,592 | ---- | M] (Intel Corporation)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray64.exe [C:\Program Files\IDT\WDM\sttray64.exe] -> [2010/02/25 14:03:00 | 000,487,424 | ---- | M] (IDT, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software)
"Dell DataSafe Online" -> C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ["C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m] -> [2010/02/09 14:34:00 | 001,807,680 | ---- | M] ()
"Dell Webcam Central" -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe ["C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2] -> [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd)
"DellSupportCenter" -> C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
"Desktop Disc Tool" -> c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ["c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"] -> [2009/06/18 22:46:24 | 000,494,064 | ---- | M] ()
"PDVDDXSrv" -> C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"" -> C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] -> [2010/10/01 21:15:07 | 000,560,128 | ---- | M] (Dell)
< Run [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/06/30 09:50:13 | 002,988,928 | ---- | M] (SUPERAntiSpyware.com)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\Software\Policies\Microsoft\Internet Explorer\Recovery
\Recovery\\"NoReopenLastSession" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoBandCustomize" ->  [0] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoBandCustomize" ->  [0] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Send image to &Bluetooth Device... -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> [2008/12/10 12:36:32 | 000,001,430 | -H-- | M] ()
Send page to &Bluetooth Device... -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm] -> [2008/12/10 12:36:32 | 000,003,989 | -H-- | M] ()
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Send image to &Bluetooth Device... -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> [2008/12/10 12:36:32 | 000,001,430 | -H-- | M] ()
Send page to &Bluetooth Device... -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm] -> [2008/12/10 12:36:32 | 000,003,989 | -H-- | M] ()
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{CCA281CA-C863-46ef-9331-5C8D4460577F}:c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015] -> [2008/12/10 12:36:32 | 000,003,989 | -H-- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650] -> [2008/12/10 12:36:32 | 000,003,989 | -H-- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{CCA281CA-C863-46ef-9331-5C8D4460577F}:c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: Send To Bluetooth] -> [2008/12/10 12:36:32 | 000,003,989 | -H-- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: Send to &Bluetooth Device...] -> [2008/12/10 12:36:32 | 000,003,989 | -H-- | M] ()
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\Software\Microsoft\Internet Explorer\Extensions\ -> 
64bit-CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] ->  [@c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015;Send To Bluetooth] -> File not found
CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 [Send To Bluetooth;@c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015;Send To Bluetooth] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. -> 
wpn_mlxchange.com [http] -> Trusted sites -> 
dell_msn.com [http] -> Trusted sites -> 
realtytools.com .[http] -> Trusted sites -> 
Tabshttp://wpn.mlxchange.com/5.1.01.9506/Tools/ImageLink/ImageEditDlg.asp .[about] -> Trusted sites -> 
toolkitcma.com .[http] -> Trusted sites -> 
toolkitcma2.com .[http] -> Trusted sites -> 
*_trueforms.com [http] -> Trusted sites -> 
*_trueforms.com [https] -> Trusted sites -> 
www_trueforms.com [http] -> Trusted sites -> 
www_trueforms.com [https] -> Trusted sites -> 
*_trueformsonline.com [https] -> Trusted sites -> 
www_trueformsonline.com [http] -> Trusted sites -> 
www_trueformsonline.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\] > -> HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1004034769-3964568363-3058316472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{61BB6943-A0FF-4637-AA85-47290BDE178E} [HKLM] -> https://www.trueformsonline.com/Downloads/TFLauncher_2/tflauncher.dll [TFLauncherCtrl Class] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} [HKLM] -> http://wpn.mlxchange.com/5.1.01.9506/Control/IRCSharc.cab [GeacRevw Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [get_atlcom Class] -> 
{EDFCB7CB-942C-4822-AF14-F0B687409848} [HKLM] -> http://www.northwood.com/_include/common/Aurigma/ImageUploader4.cab [Image Uploader Control] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 71.252.0.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{129FBA54-28F2-4AF0-ABFC-66A7F9BF283A}\\DhcpNameServer -> 192.168.1.1 71.252.0.12   (Dell Wireless 1397 WLAN Mini-Card) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist ->  -> File not found
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2009/11/06 09:52:20 | 000,259,584 | ---- | M] (Intel Corporation)
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{007B26D5-2A87-4A4D-8FCC-FE83A1D9FC83} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{0540014C-464B-4485-9EA5-378C1D90498D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{0F3E0E27-6593-408B-BE5A-AF34B5E00A0F} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{0FCFBDFE-AAAC-4FFB-96C5-5E1262CC6979} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
{138E4BBE-9353-4CAD-B01C-0FC0D963F55A} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{158E5F18-D0C3-4494-8581-AA6FEE85F17D} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
{1E8484A9-C57A-4EA1-B092-DD9E5883CF58} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{378F159B-71CB-4F76-8955-A866371F37B7} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{3E8C2841-1136-4A5A-9795-0CE5AE8FB129} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{445C78FF-D98F-4ACF-A303-D007420809EB} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
{449A38C1-9DD8-472A-A868-032217691628} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{4E7F0589-6630-41AF-BC61-9DF5BA033254} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{58764322-1CC1-401B-B05D-7B2494380AD8} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{7083F585-BF9E-455C-A392-8DE1663A4C69} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{89BFF1BA-E551-47BC-B574-079136D13587} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{94B478ED-C060-403B-A53E-F4806882F3EB} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{9E461BC0-3101-4BD0-85ED-F3E98D25CF9C} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{A3A98D5E-5C57-4B9A-BDF7-7085C7D777C0} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{A9A25722-E2E6-4B36-9B78-FE9F4F1FDC85} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{CBE19E5E-1BA9-43A6-9C29-60A7C59AE721} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{D867CD78-54C4-430C-98A3-CC130FC5FAEF} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{E57F186C-E9F0-40E3-9300-053EEE5F5D78} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{F0B45D52-807A-460C-BA14-DFA118C84F97} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{F0D30CA0-5712-41BA-82DF-5628837ADE7B} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{FD849492-99FC-48ED-A1EC-D8A200C94B40} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{FF38A0B3-AD20-46B3-927D-B4370AE07281} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system | 
{FFC05DB0-0F43-4DC6-966E-4A18F93BFE6E} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{17CF7CA1-550D-42B6-ABC1-14ECE298B8BD} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{1EA6DB91-414D-437A-AB9E-A9DA5286306D} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{2139F981-7FB3-4798-BE31-2A5CD215864D} -> dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\dleacoms.exe | 
{2B825995-B4FF-429B-9BA2-1A96CF449645} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{3F7E7931-AE34-4582-BF7F-E27CF9553C0B} -> profile=public | protocol=17 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
{57A05AD6-13B2-4E89-8CDE-63547D3A8FF0} -> profile=private | protocol=17 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
{57C2DB23-199E-41A6-AFF0-1781266D3EE4} -> profile=private | protocol=6 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
{68BA4534-61D5-4FA8-B836-88F339C6EFD6} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{73591D45-D613-4BE5-AA61-D1D35521223D} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{770E2CC5-42CE-4C3A-A681-A261E4580E86} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{780C92F0-16E5-4B94-8AAE-0F5634A7EAD3} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{7AD264BB-1D39-47DF-9676-0DC0B1EC9B3C} -> dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\dleacoms.exe | 
{8327935D-39E3-4DE3-A83A-3685CC781462} -> profile=private | protocol=17 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{8A053324-9424-4AD4-897A-BB0CBCC366C8} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{93210550-B834-4174-86A2-B56B25908DBE} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{963672B6-EDE8-477F-BE8A-AB261E500BA0} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{96E57D93-1764-4506-8081-4ADB8902FA59} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{98C284A3-E366-4B01-852A-250D72F25FEC} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{9B7675E5-6B0F-4C54-A9FE-0245CDCB732B} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{9D35DD58-AF2A-4D90-AD79-B11FA58382A8} -> dir=in | action=allow | name=cyberlink powerdvd dx resident program | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
{A169F9B9-8C8A-41D3-803E-8C75AABC91AB} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{A18F3259-4FF7-4379-84AC-A3EE7A5103E8} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{AACEB44A-F9A3-4ACF-928F-444043173D62} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{AC15B4CB-65B0-4FF9-B6FD-E5AF5AFB1E2E} -> dir=in | action=allow | name=cyberlink powerdvd dx | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
{B58DEBC2-D683-433B-806F-0B52135BBB16} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{B733449C-3EE6-4131-BA81-ED2FF7699698} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{B7A2B0E2-474C-4FEB-B840-2DB00A284874} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{BBE40933-9C6B-48CD-AAEF-3AC0715C6C40} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{C1593DCF-164C-49D7-A1D5-606DA9F07F35} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{C26BA90B-667E-48B8-8A61-C2F0B8D6AA06} -> dir=in | action=allow | name=v310-v510 series server | app=c:\windows\system32\dleacoms.exe | 
{C2C148B5-D3FA-405F-BA2C-D235C6A5A686} -> dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\dleacoms.exe | 
{CB7D5128-0588-47BB-961B-26F55DDB0C75} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{CECAA23B-D819-40B2-A36A-651F47794623} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{E09A0C87-EA0C-41EB-A791-890353ABE151} -> profile=private | protocol=6 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{E6BAAC6E-08F2-4A27-8936-65C7FA613100} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{E819124A-277D-4E38-9A6E-8530DBE6B435} -> profile=public | protocol=6 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.l3acm" -> C:\Windows\SysNative\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2009/07/13 21:38:53 | 000,081,408 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.l3acm" -> C:\Windows\SysWOW64\l3codeca.acm [C:\Windows\SysWOW64\l3codeca.acm] -> [2009/07/13 21:14:10 | 000,064,000 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2010/11/20 08:19:17 | 000,082,944 | ---- | M] (Radius Inc.)
< 64bit-SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
!SASCORE -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com)
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppMgmt -> 32bit -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
MCODS -> Reg Error: Value error.
NTDS -> 32bit -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
sacsvr -> Service
SCSI Class -> Driver Group
System Bus Extender -> Driver Group
TrustedInstaller -> 32bit -> File not found
vmms -> Service
WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
!SASCORE -> 64bit -> File not found
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppInfo -> 64bit -> File not found
AppMgmt -> 64bit -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
DcomLaunch -> 64bit -> File not found
EFS -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
KeyIso -> 64bit -> File not found
MCODS -> Reg Error: Value error.
Netlogon -> 64bit -> File not found
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
Power -> 64bit -> File not found
Primary disk -> Driver Group
ProfSvc -> 64bit -> File not found
RpcEptMapper -> 64bit -> File not found
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
VDS -> 64bit -> File not found
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
vmms -> Service
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
Wdf01000.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
WudfPf -> 64bit -> File not found
WudfRd -> 64bit -> File not found
WudfSvc -> 64bit -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-batfile [open] -> "%1" %* -> File not found
64bit-cmdfile [open] -> "%1" %* -> File not found
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
64bit-htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
64bit-https [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2010/11/20 09:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation)
64bit-inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation)
64bit-piffile [open] -> "%1" %* -> File not found
64bit-scrfile [config] -> "%1" -> File not found
64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> File not found
64bit-scrfile [open] -> "%1" /S -> File not found
64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found
64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 09:24:33 | 000,345,088 | ---- | M] (Microsoft Corporation)
64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 21:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* -> 
https [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2010/11/20 09:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> 
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/4/2011 11:31:15 AM Computer Name = Cathy-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Application [ Error ] 7/4/2011 12:53:31 PM Computer Name = Cathy-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Application [ Error ] 7/4/2011 12:53:31 PM Computer Name = Cathy-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Application [ Error ] 7/4/2011 1:22:38 PM Computer Name = Cathy-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1  Faulting module name: mpengine.dll, version: 1.1.7000.0, time stamp: 0x4dee5a06  Exception code: 0xc0000005  Fault offset: 0x00000000000ec36b  Faulting process id: 0x1530  Faulting application start time: 0x01cc3a6e8b34d76c  Faulting application path: C:\Windows\System32\svchost.exe  Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{447285C4-946F-4052-A70F-FB6CBA4EC8C4}\mpengine.dll  Report Id: 36d31f16-a662-11e0-ba95-f04da27a936b
Application [ Error ] 7/4/2011 1:56:01 PM Computer Name = Cathy-PC | Source = DataSafe.exe | ID = 0 -> Description = ReadConfigFile
Application [ Error ] 7/4/2011 1:56:01 PM Computer Name = Cathy-PC | Source = DataSafe.exe | ID = 0 -> Description = Config file content invalid
Application [ Error ] 7/4/2011 1:56:15 PM Computer Name = Cathy-PC | Source = DataSafe.exe | ID = 0 -> Description = ReadConfigFile
Application [ Error ] 7/4/2011 1:56:15 PM Computer Name = Cathy-PC | Source = DataSafe.exe | ID = 0 -> Description = Config file content invalid
Application [ Error ] 7/5/2011 5:54:54 PM Computer Name = Cathy-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Application [ Error ] 7/5/2011 5:54:54 PM Computer Name = Cathy-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.  Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Dell [ Error ] 11/15/2010 10:29:54 PM Computer Name = Cathy-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion.
Dell [ Error ] 11/15/2010 10:29:54 PM Computer Name = Cathy-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion.
Dell [ Error ] 3/2/2011 4:09:16 PM Computer Name = Cathy-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion.
Dell [ Error ] 3/2/2011 4:09:16 PM Computer Name = Cathy-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion.
Dell [ Error ] 3/25/2011 6:07:16 PM Computer Name = Cathy-PC | Source = DataSafe | ID = 17 -> Description = The process was interrupted before completion.
System [ Error ] 4/27/2011 9:42:29 PM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 7:42:38 AM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 8:19:30 AM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 9:45:46 AM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 9:54:32 AM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 11:09:55 AM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 1:40:04 PM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 4:56:00 PM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 5:06:17 PM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System [ Error ] 4/28/2011 5:16:25 PM Computer Name = Cathy-PC | Source = BTHUSB | ID = 327697 -> Description = The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Cathy\Desktop\OTS.exe -> [2011/07/09 20:58:52 | 000,645,120 | ---- | C] (OldTimer Tools)
 {43D360BE-D5DB-471D-A622-8B3602E6E245} -> C:\Users\Cathy\AppData\Local\{43D360BE-D5DB-471D-A622-8B3602E6E245} -> [2011/07/09 12:28:56 | 000,000,000 | ---D | C]
 {B8E5CD98-E617-41DB-A5FB-805D81D69428} -> C:\Users\Cathy\AppData\Local\{B8E5CD98-E617-41DB-A5FB-805D81D69428} -> [2011/07/08 21:42:43 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Users\Cathy\AppData\Roaming\SUPERAntiSpyware.com -> [2011/07/07 21:50:43 | 000,000,000 | ---D | C]
 {4FEA2A0F-BE9B-4161-A871-6819C424F0F9} -> C:\Users\Cathy\AppData\Local\{4FEA2A0F-BE9B-4161-A871-6819C424F0F9} -> [2011/07/07 21:38:59 | 000,000,000 | ---D | C]
 aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2011/07/07 21:34:15 | 000,022,360 | ---- | C] (AVAST Software)
 avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/07/07 21:34:15 | 000,000,000 | ---D | C]
 aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2011/07/07 21:34:13 | 000,288,088 | ---- | C] (AVAST Software)
 aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2011/07/07 21:34:06 | 000,045,400 | ---- | C] (AVAST Software)
 aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2011/07/07 21:34:06 | 000,031,064 | ---- | C] (AVAST Software)
 aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2011/07/07 21:34:05 | 000,600,920 | ---- | C] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/07/07 21:34:04 | 000,064,856 | ---- | C] (AVAST Software)
 aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2011/07/07 21:33:50 | 000,199,304 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/07/07 21:33:50 | 000,040,112 | ---- | C] (AVAST Software)
 temp -> C:\Windows\temp -> [2011/07/07 21:19:51 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/07/07 21:18:20 | 000,000,000 | -HSD | C]
 cComboFix4855c -> C:\cComboFix4855c -> [2011/07/07 20:24:53 | 000,000,000 | ---D | C]
 {9C2D6791-BD13-4EE6-A3F8-73E50855F916} -> C:\Users\Cathy\AppData\Local\{9C2D6791-BD13-4EE6-A3F8-73E50855F916} -> [2011/07/07 20:22:41 | 000,000,000 | ---D | C]
 {2FCE3EF1-C33B-44F8-ABD6-7BD2C859D123} -> C:\Users\Cathy\AppData\Local\{2FCE3EF1-C33B-44F8-ABD6-7BD2C859D123} -> [2011/07/07 20:17:30 | 000,000,000 | ---D | C]
 {0EC43B72-FAC5-4BDD-95F4-FAD9B422C51F} -> C:\Users\Cathy\AppData\Local\{0EC43B72-FAC5-4BDD-95F4-FAD9B422C51F} -> [2011/07/07 20:17:29 | 000,000,000 | ---D | C]
 {A2EEB8D2-B4FB-402B-A4AD-68A09135CE3E} -> C:\Users\Cathy\AppData\Local\{A2EEB8D2-B4FB-402B-A4AD-68A09135CE3E} -> [2011/07/06 18:41:06 | 000,000,000 | ---D | C]
 {09B1B58C-F592-41E3-B1DA-D0AF88055620} -> C:\Users\Cathy\AppData\Local\{09B1B58C-F592-41E3-B1DA-D0AF88055620} -> [2011/07/06 06:40:31 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/07/05 22:38:05 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2011/07/05 21:11:26 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2011/07/05 21:11:26 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2011/07/05 21:11:26 | 000,060,416 | ---- | C] (NirSoft)
 cComboFix2785c -> C:\cComboFix2785c -> [2011/07/05 21:10:17 | 000,000,000 | ---D | C]
 cComboFix16726c -> C:\cComboFix16726c -> [2011/07/05 21:07:23 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/07/05 21:05:03 | 000,000,000 | ---D | C]
 {B0998613-16B8-4964-B625-ACCA793D751F} -> C:\Users\Cathy\AppData\Local\{B0998613-16B8-4964-B625-ACCA793D751F} -> [2011/07/05 13:02:59 | 000,000,000 | ---D | C]
 {7C4C6A61-2D59-4C51-A9C3-8314B8C886C4} -> C:\Users\Cathy\AppData\Local\{7C4C6A61-2D59-4C51-A9C3-8314B8C886C4} -> [2011/07/04 22:33:52 | 000,000,000 | ---D | C]
 ffnd.exe -> C:\Windows\SysNative\ffnd.exe -> [2011/07/04 13:15:03 | 000,013,824 | ---- | C] (Kephyr)
 FreeFixer -> C:\Users\Cathy\AppData\Roaming\FreeFixer -> [2011/07/04 12:53:36 | 000,000,000 | ---D | C]
 FreeFixer -> C:\Users\Cathy\AppData\Local\FreeFixer -> [2011/07/04 12:53:36 | 000,000,000 | ---D | C]
 FreeFixer -> C:\Program Files\FreeFixer -> [2011/07/04 12:53:29 | 000,000,000 | ---D | C]
 My Weblog Posts -> C:\Users\Cathy\Documents\My Weblog Posts -> [2011/07/04 11:31:54 | 000,000,000 | ---D | C]
 Mozilla -> C:\Users\Cathy\AppData\Roaming\Mozilla -> [2011/07/04 11:20:20 | 000,000,000 | ---D | C]
 Mozilla -> C:\Users\Cathy\AppData\Local\Mozilla -> [2011/07/04 11:20:20 | 000,000,000 | ---D | C]
 Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2011/07/04 11:20:12 | 000,000,000 | ---D | C]
 {4E98D70A-10F1-4BF1-B004-6F0D9612EFE2} -> C:\Users\Cathy\AppData\Local\{4E98D70A-10F1-4BF1-B004-6F0D9612EFE2} -> [2011/07/04 10:33:18 | 000,000,000 | ---D | C]
 MGtools -> C:\MGtools -> [2011/07/03 23:23:04 | 000,000,000 | ---D | C]
 SPReview -> C:\Windows\SysNative\SPReview -> [2011/07/03 19:25:15 | 000,000,000 | ---D | C]
 EventProviders -> C:\Windows\SysNative\EventProviders -> [2011/07/03 19:24:29 | 000,000,000 | ---D | C]
 RegCure -> C:\ProgramData\RegCure -> [2011/07/03 19:08:14 | 000,000,000 | ---D | C]
 cComboFix22287c -> C:\cComboFix22287c -> [2011/07/03 18:10:20 | 000,000,000 | ---D | C]
 FixCleaner -> C:\Users\Cathy\AppData\Roaming\FixCleaner -> [2011/07/03 18:05:47 | 000,000,000 | ---D | C]
 FixCleaner -> C:\Program Files (x86)\FixCleaner -> [2011/07/03 18:05:37 | 000,000,000 | ---D | C]
 ERDNT -> C:\Windows\ERDNT -> [2011/07/03 14:03:39 | 000,000,000 | ---D | C]
 cComboFix -> C:\cComboFix -> [2011/07/03 14:03:30 | 000,000,000 | ---D | C]
 {DB7B3E9F-A9C2-4D30-B421-2D49B1D0FFDE} -> C:\Users\Cathy\AppData\Local\{DB7B3E9F-A9C2-4D30-B421-2D49B1D0FFDE} -> [2011/07/03 13:59:57 | 000,000,000 | ---D | C]
 cComboFix.exe -> C:\Users\Cathy\Desktop\cComboFix.exe -> [2011/07/03 13:33:35 | 004,131,692 | R--- | C] (Swearware)
 {1C1E32E1-B27D-4C30-87D3-D5BE7EE0996A} -> C:\Users\Cathy\AppData\Local\{1C1E32E1-B27D-4C30-87D3-D5BE7EE0996A} -> [2011/07/02 23:42:49 | 000,000,000 | ---D | C]
 587fdcd6432f26a1a7 -> C:\587fdcd6432f26a1a7 -> [2011/07/02 23:37:22 | 000,000,000 | ---D | C]
 {6F22307F-1E91-48CA-978A-F94E157AD1FC} -> C:\Users\Cathy\AppData\Local\{6F22307F-1E91-48CA-978A-F94E157AD1FC} -> [2011/07/02 23:36:22 | 000,000,000 | ---D | C]
 {7E674969-9B23-4E56-BF88-C6C7D494314F} -> C:\Users\Cathy\AppData\Local\{7E674969-9B23-4E56-BF88-C6C7D494314F} -> [2011/07/02 23:25:28 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\Cathy\AppData\Roaming\Windows Live Writer -> [2011/07/02 15:39:58 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\Cathy\AppData\Local\Windows Live Writer -> [2011/07/02 15:39:58 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Users\Cathy\AppData\Roaming\Malwarebytes -> [2011/07/02 14:30:43 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/07/02 14:30:34 | 000,000,000 | ---D | C]
 {F5BDBC52-89CF-4F86-A914-688D38CA0AF0} -> C:\Users\Cathy\AppData\Local\{F5BDBC52-89CF-4F86-A914-688D38CA0AF0} -> [2011/07/02 07:47:52 | 000,000,000 | ---D | C]
 dfshim.dll -> C:\Windows\SysNative\dfshim.dll -> [2011/07/02 02:45:55 | 001,942,856 | ---- | C] (Microsoft Corporation)
 netfxperf.dll -> C:\Windows\SysNative\netfxperf.dll -> [2011/07/02 02:45:55 | 000,048,976 | ---- | C] (Microsoft Corporation)
 dfshim.dll -> C:\Windows\SysWow64\dfshim.dll -> [2011/07/02 02:45:48 | 001,130,824 | ---- | C] (Microsoft Corporation)
 TsUsbFlt.sys -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2011/07/02 02:45:44 | 000,059,392 | ---- | C] (Microsoft Corporation)
 TsUsbRedirectionGroupPolicyExtension.dll -> C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll -> [2011/07/02 02:45:44 | 000,012,288 | ---- | C] (Microsoft Corporation)
 mstscax.dll -> C:\Windows\SysNative\mstscax.dll -> [2011/07/02 02:45:43 | 003,715,584 | ---- | C] (Microsoft Corporation)
 d3d10warp.dll -> C:\Windows\SysNative\d3d10warp.dll -> [2011/07/02 02:45:43 | 001,838,080 | ---- | C] (Microsoft Corporation)
 mstscax.dll -> C:\Windows\SysWow64\mstscax.dll -> [2011/07/02 02:45:41 | 003,215,872 | ---- | C] (Microsoft Corporation)
 d3d10warp.dll -> C:\Windows\SysWow64\d3d10warp.dll -> [2011/07/02 02:45:39 | 001,171,456 | ---- | C] (Microsoft Corporation)
 mfc40.dll -> C:\Windows\SysWow64\mfc40.dll -> [2011/07/02 02:45:38 | 000,954,752 | ---- | C] (Microsoft Corporation)
 mfc40u.dll -> C:\Windows\SysWow64\mfc40u.dll -> [2011/07/02 02:45:38 | 000,954,288 | ---- | C] (Microsoft Corporation)
 wmp.dll -> C:\Windows\SysNative\wmp.dll -> [2011/07/02 02:45:35 | 014,633,472 | ---- | C] (Microsoft Corporation)
 mf.dll -> C:\Windows\SysNative\mf.dll -> [2011/07/02 02:45:33 | 004,120,064 | ---- | C] (Microsoft Corporation)
 mmcndmgr.dll -> C:\Windows\SysNative\mmcndmgr.dll -> [2011/07/02 02:45:33 | 003,205,120 | ---- | C] (Microsoft Corporation)
 ntdll.dll -> C:\Windows\SysNative\ntdll.dll -> [2011/07/02 02:45:33 | 001,731,936 | ---- | C] (Microsoft Corporation)
 secproc_isv.dll -> C:\Windows\SysNative\secproc_isv.dll -> [2011/07/02 02:45:33 | 000,485,888 | ---- | C] (Microsoft Corporation)
 RMActivate_isv.exe -> C:\Windows\SysNative\RMActivate_isv.exe -> [2011/07/02 02:45:32 | 000,362,496 | ---- | C] (Microsoft Corporation)
 xpsservices.dll -> C:\Windows\SysNative\xpsservices.dll -> [2011/07/02 02:45:31 | 003,008,000 | ---- | C] (Microsoft Corporation)
 secproc.dll -> C:\Windows\SysNative\secproc.dll -> [2011/07/02 02:45:31 | 000,488,448 | ---- | C] (Microsoft Corporation)
 secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2011/07/02 02:45:31 | 000,423,936 | ---- | C] (Microsoft Corporation)
 RMActivate.exe -> C:\Windows\SysNative\RMActivate.exe -> [2011/07/02 02:45:31 | 000,359,424 | ---- | C] (Microsoft Corporation)
 rpcrt4.dll -> C:\Windows\SysNative\rpcrt4.dll -> [2011/07/02 02:45:30 | 001,219,584 | ---- | C] (Microsoft Corporation)
 secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2011/07/02 02:45:30 | 000,428,032 | ---- | C] (Microsoft Corporation)
 RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2011/07/02 02:45:30 | 000,327,168 | ---- | C] (Microsoft Corporation)
 ole32.dll -> C:\Windows\SysNative\ole32.dll -> [2011/07/02 02:45:29 | 002,086,912 | ---- | C] (Microsoft Corporation)
 RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2011/07/02 02:45:29 | 000,322,048 | ---- | C] (Microsoft Corporation)
 spwizui.dll -> C:\Windows\SysNative\spwizui.dll -> [2011/07/02 02:45:28 | 000,263,168 | ---- | C] (Microsoft Corporation)
 RacEngn.dll -> C:\Windows\SysNative\RacEngn.dll -> [2011/07/02 02:45:27 | 001,556,992 | ---- | C] (Microsoft Corporation)
 diagperf.dll -> C:\Windows\SysNative\diagperf.dll -> [2011/07/02 02:45:27 | 001,340,416 | ---- | C] (Microsoft Corporation)
 taskschd.dll -> C:\Windows\SysNative\taskschd.dll -> [2011/07/02 02:45:27 | 001,197,056 | ---- | C] (Microsoft Corporation)
 mf.dll -> C:\Windows\SysWow64\mf.dll -> [2011/07/02 02:45:26 | 003,207,680 | ---- | C] (Microsoft Corporation)
 ExplorerFrame.dll -> C:\Windows\SysNative\ExplorerFrame.dll -> [2011/07/02 02:45:26 | 001,866,240 | ---- | C] (Microsoft Corporation)
 vssapi.dll -> C:\Windows\SysNative\vssapi.dll -> [2011/07/02 02:45:26 | 001,753,088 | ---- | C] (Microsoft Corporation)
 UIRibbon.dll -> C:\Windows\SysNative\UIRibbon.dll -> [2011/07/02 02:45:25 | 003,860,992 | ---- | C] (Microsoft Corporation)
 CertEnroll.dll -> C:\Windows\SysWow64\CertEnroll.dll -> [2011/07/02 02:45:25 | 001,334,272 | ---- | C] (Microsoft Corporation)
 NaturalLanguage6.dll -> C:\Windows\SysNative\NaturalLanguage6.dll -> [2011/07/02 02:45:25 | 001,326,080 | ---- | C] (Microsoft Corporation)
 mcupdate_GenuineIntel.dll -> C:\Windows\SysNative\mcupdate_GenuineIntel.dll -> [2011/07/02 02:45:25 | 000,299,392 | ---- | C] (Microsoft Corporation)
 wmp.dll -> C:\Windows\SysWow64\wmp.dll -> [2011/07/02 02:45:24 | 011,410,432 | ---- | C] (Microsoft Corporation)
 WMVCORE.DLL -> C:\Windows\SysNative\WMVCORE.DLL -> [2011/07/02 02:45:23 | 003,027,968 | ---- | C] (Microsoft Corporation)
 PresentationHost.exe -> C:\Windows\SysNative\PresentationHost.exe -> [2011/07/02 02:45:23 | 000,320,352 | ---- | C] (Microsoft Corporation)
 PresentationHost.exe -> C:\Windows\SysWow64\PresentationHost.exe -> [2011/07/02 02:45:23 | 000,295,264 | ---- | C] (Microsoft Corporation)
 PresentationHostProxy.dll -> C:\Windows\SysNative\PresentationHostProxy.dll -> [2011/07/02 02:45:23 | 000,109,928 | ---- | C] (Microsoft Corporation)
 PresentationHostProxy.dll -> C:\Windows\SysWow64\PresentationHostProxy.dll -> [2011/07/02 02:45:23 | 000,099,176 | ---- | C] (Microsoft Corporation)
 CertEnroll.dll -> C:\Windows\SysNative\CertEnroll.dll -> [2011/07/02 02:45:22 | 001,975,296 | ---- | C] (Microsoft Corporation)
 spinstall.exe -> C:\Windows\SysNative\spinstall.exe -> [2011/07/02 02:45:22 | 000,598,016 | ---- | C] (Microsoft Corporation)
 spreview.exe -> C:\Windows\SysNative\spreview.exe -> [2011/07/02 02:45:22 | 000,301,568 | ---- | C] (Microsoft Corporation)
 rdpdd.dll -> C:\Windows\SysNative\rdpdd.dll -> [2011/07/02 02:45:22 | 000,274,944 | ---- | C] (Microsoft Corporation)
 WinSAT.exe -> C:\Windows\SysNative\WinSAT.exe -> [2011/07/02 02:45:21 | 003,957,760 | ---- | C] (Microsoft Corporation)
 d3d9.dll -> C:\Windows\SysNative\d3d9.dll -> [2011/07/02 02:45:21 | 002,067,456 | ---- | C] (Microsoft Corporation)
 WMVDECOD.DLL -> C:\Windows\SysNative\WMVDECOD.DLL -> [2011/07/02 02:45:21 | 001,888,256 | ---- | C] (Microsoft Corporation)
 RacEngn.dll -> C:\Windows\SysWow64\RacEngn.dll -> [2011/07/02 02:45:20 | 001,115,136 | ---- | C] (Microsoft Corporation)
 SearchFolder.dll -> C:\Windows\SysNative\SearchFolder.dll -> [2011/07/02 02:45:20 | 000,867,840 | ---- | C] (Microsoft Corporation)
 AuthFWSnapin.dll -> C:\Windows\SysWow64\AuthFWSnapin.dll -> [2011/07/02 02:45:19 | 005,066,752 | ---- | C] (Microsoft Corporation)
 AuthFWSnapin.dll -> C:\Windows\SysNative\AuthFWSnapin.dll -> [2011/07/02 02:45:19 | 005,066,752 | ---- | C] (Microsoft Corporation)
 dbgeng.dll -> C:\Windows\SysNative\dbgeng.dll -> [2011/07/02 02:45:19 | 003,391,488 | ---- | C] (Microsoft Corporation)
 dwmcore.dll -> C:\Windows\SysNative\dwmcore.dll -> [2011/07/02 02:45:19 | 001,632,256 | ---- | C] (Microsoft Corporation)
 kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2011/07/02 02:45:19 | 001,161,216 | ---- | C] (Microsoft Corporation)
 crypt32.dll -> C:\Windows\SysNative\crypt32.dll -> [2011/07/02 02:45:17 | 001,456,128 | ---- | C] (Microsoft Corporation)
 ExplorerFrame.dll -> C:\Windows\SysWow64\ExplorerFrame.dll -> [2011/07/02 02:45:16 | 001,493,504 | ---- | C] (Microsoft Corporation)
 actxprxy.dll -> C:\Windows\SysNative\actxprxy.dll -> [2011/07/02 02:45:16 | 000,958,464 | ---- | C] (Microsoft Corporation)
 lsasrv.dll -> C:\Windows\SysNative\lsasrv.dll -> [2011/07/02 02:45:15 | 001,447,936 | ---- | C] (Microsoft Corporation)
 TSWorkspace.dll -> C:\Windows\SysNative\TSWorkspace.dll -> [2011/07/02 02:45:15 | 000,750,080 | ---- | C] (Microsoft Corporation)
 KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2011/07/02 02:45:15 | 000,419,840 | ---- | C] (Microsoft Corporation)
 mstsc.exe -> C:\Windows\SysNative\mstsc.exe -> [2011/07/02 02:45:14 | 001,116,672 | ---- | C] (Microsoft Corporation)
 sqmapi.dll -> C:\Windows\SysNative\sqmapi.dll -> [2011/07/02 02:45:14 | 000,244,736 | ---- | C] (Microsoft Corporation)
 d3d9.dll -> C:\Windows\SysWow64\d3d9.dll -> [2011/07/02 02:45:13 | 001,828,352 | ---- | C] (Microsoft Corporation)
 imapi2fs.dll -> C:\Windows\SysNative\imapi2fs.dll -> [2011/07/02 02:45:13 | 001,244,160 | ---- | C] (Microsoft Corporation)
 propsys.dll -> C:\Windows\SysNative\propsys.dll -> [2011/07/02 02:45:13 | 001,212,416 | ---- | C] (Microsoft Corporation)
 d3d11.dll -> C:\Windows\SysNative\d3d11.dll -> [2011/07/02 02:45:13 | 000,787,968 | ---- | C] (Microsoft Corporation)
 netlogon.dll -> C:\Windows\SysNative\netlogon.dll -> [2011/07/02 02:45:13 | 000,695,808 | ---- | C] (Microsoft Corporation)
 setupapi.dll -> C:\Windows\SysNative\setupapi.dll -> [2011/07/02 02:45:12 | 001,900,544 | ---- | C] (Microsoft Corporation)
 taskschd.dll -> C:\Windows\SysWow64\taskschd.dll -> [2011/07/02 02:45:12 | 000,505,856 | ---- | C] (Microsoft Corporation)
 authui.dll -> C:\Windows\SysNative\authui.dll -> [2011/07/02 02:45:11 | 001,927,680 | ---- | C] (Microsoft Corporation)
 werconcpl.dll -> C:\Windows\SysNative\werconcpl.dll -> [2011/07/02 02:45:11 | 001,281,024 | ---- | C] (Microsoft Corporation)
 mstsc.exe -> C:\Windows\SysWow64\mstsc.exe -> [2011/07/02 02:45:11 | 001,049,600 | ---- | C] (Microsoft Corporation)
 user32.dll -> C:\Windows\SysNative\user32.dll -> [2011/07/02 02:45:11 | 001,008,128 | ---- | C] (Microsoft Corporation)
 odbc32.dll -> C:\Windows\SysNative\odbc32.dll -> [2011/07/02 02:45:11 | 000,720,896 | ---- | C] (Microsoft Corporation)
 taskeng.exe -> C:\Windows\SysNative\taskeng.exe -> [2011/07/02 02:45:11 | 000,464,384 | ---- | C] (Microsoft Corporation)
 certmgr.dll -> C:\Windows\SysNative\certmgr.dll -> [2011/07/02 02:45:10 | 001,796,096 | ---- | C] (Microsoft Corporation)
 netio.sys -> C:\Windows\SysNative\drivers\netio.sys -> [2011/07/02 02:45:10 | 000,376,192 | ---- | C] (Microsoft Corporation)
 localspl.dll -> C:\Windows\SysNative\localspl.dll -> [2011/07/02 02:45:09 | 000,955,904 | ---- | C] (Microsoft Corporation)
 PortableDeviceApi.dll -> C:\Windows\SysNative\PortableDeviceApi.dll -> [2011/07/02 02:45:09 | 000,758,272 | ---- | C] (Microsoft Corporation)
 webio.dll -> C:\Windows\SysNative\webio.dll -> [2011/07/02 02:45:09 | 000,395,776 | ---- | C] (Microsoft Corporation)
 wer.dll -> C:\Windows\SysWow64\wer.dll -> [2011/07/02 02:45:09 | 000,381,440 | ---- | C] (Microsoft Corporation)
 certcli.dll -> C:\Windows\SysWow64\certcli.dll -> [2011/07/02 02:45:09 | 000,342,016 | ---- | C] (Microsoft Corporation)
 tsmf.dll -> C:\Windows\SysNative\tsmf.dll -> [2011/07/02 02:45:09 | 000,299,520 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysNative\ncsi.dll -> [2011/07/02 02:45:09 | 000,210,944 | ---- | C] (Microsoft Corporation)
 scavengeui.dll -> C:\Windows\SysNative\scavengeui.dll -> [2011/07/02 02:45:09 | 000,146,944 | ---- | C] (Microsoft Corporation)
 netshell.dll -> C:\Windows\SysNative\netshell.dll -> [2011/07/02 02:45:08 | 002,652,160 | ---- | C] (Microsoft Corporation)
 msdtctm.dll -> C:\Windows\SysNative\msdtctm.dll -> [2011/07/02 02:45:08 | 001,509,888 | ---- | C] (Microsoft Corporation)
 dwmcore.dll -> C:\Windows\SysWow64\dwmcore.dll -> [2011/07/02 02:45:08 | 001,371,136 | ---- | C] (Microsoft Corporation)
 msdrm.dll -> C:\Windows\SysNative\msdrm.dll -> [2011/07/02 02:45:08 | 000,457,216 | ---- | C] (Microsoft Corporation)
 shlwapi.dll -> C:\Windows\SysNative\shlwapi.dll -> [2011/07/02 02:45:08 | 000,448,512 | ---- | C] (Microsoft Corporation)
 framedynos.dll -> C:\Windows\SysNative\framedynos.dll -> [2011/07/02 02:45:08 | 000,295,936 | ---- | C] (Microsoft Corporation)
 quartz.dll -> C:\Windows\SysNative\quartz.dll -> [2011/07/02 02:45:07 | 001,572,352 | ---- | C] (Microsoft Corporation)
 usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2011/07/02 02:45:07 | 000,800,256 | ---- | C] (Microsoft Corporation)
 dxgi.dll -> C:\Windows\SysNative\dxgi.dll -> [2011/07/02 02:45:07 | 000,658,944 | ---- | C] (Microsoft Corporation)
 comdlg32.dll -> C:\Windows\SysNative\comdlg32.dll -> [2011/07/02 02:45:07 | 000,594,432 | ---- | C] (Microsoft Corporation)
 odbc32.dll -> C:\Windows\SysWow64\odbc32.dll -> [2011/07/02 02:45:07 | 000,573,440 | ---- | C] (Microsoft Corporation)
 netcfgx.dll -> C:\Windows\SysNative\netcfgx.dll -> [2011/07/02 02:45:07 | 000,519,680 | ---- | C] (Microsoft Corporation)
 winlogon.exe -> C:\Windows\SysNative\winlogon.exe -> [2011/07/02 02:45:07 | 000,390,656 | ---- | C] (Microsoft Corporation)
 lsm.exe -> C:\Windows\SysNative\lsm.exe -> [2011/07/02 02:45:07 | 000,343,040 | ---- | C] (Microsoft Corporation)
 ws2_32.dll -> C:\Windows\SysNative\ws2_32.dll -> [2011/07/02 02:45:07 | 000,297,984 | ---- | C] (Microsoft Corporation)
 tcpmonui.dll -> C:\Windows\SysWow64\tcpmonui.dll -> [2011/07/02 02:45:07 | 000,061,440 | ---- | C] (Microsoft Corporation)
 Query.dll -> C:\Windows\SysNative\Query.dll -> [2011/07/02 02:45:06 | 002,055,680 | ---- | C] (Microsoft Corporation)
 quartz.dll -> C:\Windows\SysWow64\quartz.dll -> [2011/07/02 02:45:06 | 001,328,128 | ---- | C] (Microsoft Corporation)
 TSWorkspace.dll -> C:\Windows\SysWow64\TSWorkspace.dll -> [2011/07/02 02:45:06 | 000,597,504 | ---- | C] (Microsoft Corporation)
 wmpps.dll -> C:\Windows\SysNative\wmpps.dll -> [2011/07/02 02:45:06 | 000,481,280 | ---- | C] (Microsoft Corporation)
 apphelp.dll -> C:\Windows\SysNative\apphelp.dll -> [2011/07/02 02:45:06 | 000,342,016 | ---- | C] (Microsoft Corporation)
 dot3api.dll -> C:\Windows\SysWow64\dot3api.dll -> [2011/07/02 02:45:06 | 000,091,136 | ---- | C] (Microsoft Corporation)
 wpdshext.dll -> C:\Windows\SysNative\wpdshext.dll -> [2011/07/02 02:45:05 | 002,543,616 | ---- | C] (Microsoft Corporation)
 Vault.dll -> C:\Windows\SysNative\Vault.dll -> [2011/07/02 02:45:05 | 001,098,240 | ---- | C] (Microsoft Corporation)
 azroles.dll -> C:\Windows\SysNative\azroles.dll -> [2011/07/02 02:45:05 | 000,897,536 | ---- | C] (Microsoft Corporation)
 samsrv.dll -> C:\Windows\SysNative\samsrv.dll -> [2011/07/02 02:45:05 | 000,758,784 | ---- | C] (Microsoft Corporation)
 cmd.exe -> C:\Windows\SysNative\cmd.exe -> [2011/07/02 02:45:05 | 000,345,088 | ---- | C] (Microsoft Corporation)
 tsmf.dll -> C:\Windows\SysWow64\tsmf.dll -> [2011/07/02 02:45:05 | 000,270,848 | ---- | C] (Microsoft Corporation)
 QAGENT.DLL -> C:\Windows\SysNative\QAGENT.DLL -> [2011/07/02 02:45:05 | 000,266,240 | ---- | C] (Microsoft Corporation)
 dbgeng.dll -> C:\Windows\SysWow64\dbgeng.dll -> [2011/07/02 02:45:04 | 002,522,624 | ---- | C] (Microsoft Corporation)
 lpksetup.exe -> C:\Windows\SysNative\lpksetup.exe -> [2011/07/02 02:45:04 | 000,653,312 | ---- | C] (Microsoft Corporation)
 DShowRdpFilter.dll -> C:\Windows\SysNative\DShowRdpFilter.dll -> [2011/07/02 02:45:04 | 000,281,600 | ---- | C] (Microsoft)
 win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2011/07/02 02:45:03 | 000,751,104 | ---- | C] (Microsoft Corporation)
 d3d11.dll -> C:\Windows\SysWow64\d3d11.dll -> [2011/07/02 02:45:03 | 000,522,752 | ---- | C] (Microsoft Corporation)
 netcfgx.dll -> C:\Windows\SysWow64\netcfgx.dll -> [2011/07/02 02:45:03 | 000,406,528 | ---- | C] (Microsoft Corporation)
 WMVDECOD.DLL -> C:\Windows\SysWow64\WMVDECOD.DLL -> [2011/07/02 02:45:02 | 001,619,456 | ---- | C] (Microsoft Corporation)
 WindowsCodecs.dll -> C:\Windows\SysNative\WindowsCodecs.dll -> [2011/07/02 02:45:02 | 001,190,400 | ---- | C] (Microsoft Corporation)
 webio.dll -> C:\Windows\SysWow64\webio.dll -> [2011/07/02 02:45:02 | 000,314,880 | ---- | C] (Microsoft Corporation)
 mmcndmgr.dll -> C:\Windows\SysWow64\mmcndmgr.dll -> [2011/07/02 02:45:01 | 002,151,936 | ---- | C] (Microsoft Corporation)
 pnidui.dll -> C:\Windows\SysNative\pnidui.dll -> [2011/07/02 02:45:01 | 001,808,384 | ---- | C] (Microsoft Corporation)
 Query.dll -> C:\Windows\SysWow64\Query.dll -> [2011/07/02 02:45:01 | 001,363,456 | ---- | C] (Microsoft Corporation)
 ipsmsnap.dll -> C:\Windows\SysNative\ipsmsnap.dll -> [2011/07/02 02:45:01 | 000,584,192 | ---- | C] (Microsoft Corporation)
 sxs.dll -> C:\Windows\SysNative\sxs.dll -> [2011/07/02 02:45:01 | 000,582,656 | ---- | C] (Microsoft Corporation)
 taskcomp.dll -> C:\Windows\SysNative\taskcomp.dll -> [2011/07/02 02:45:01 | 000,473,600 | ---- | C] (Microsoft Corporation)
 mfds.dll -> C:\Windows\SysNative\mfds.dll -> [2011/07/02 02:45:01 | 000,381,440 | ---- | C] (Microsoft Corporation)
 Wldap32.dll -> C:\Windows\SysNative\Wldap32.dll -> [2011/07/02 02:45:01 | 000,312,832 | ---- | C] (Microsoft Corporation)
 mcbuilder.exe -> C:\Windows\SysNative\mcbuilder.exe -> [2011/07/02 02:45:01 | 000,272,896 | ---- | C] (Microsoft Corporation)
 DShowRdpFilter.dll -> C:\Windows\SysWow64\DShowRdpFilter.dll -> [2011/07/02 02:45:01 | 000,252,928 | ---- | C] (Microsoft)
 hgprint.dll -> C:\Windows\SysNative\hgprint.dll -> [2011/07/02 02:45:01 | 000,235,008 | ---- | C] (Microsoft Corporation)
 upnp.dll -> C:\Windows\SysWow64\upnp.dll -> [2011/07/02 02:45:01 | 000,206,848 | ---- | C] (Microsoft Corporation)
 webservices.dll -> C:\Windows\SysNative\webservices.dll -> [2011/07/02 02:45:00 | 001,158,656 | ---- | C] (Microsoft Corporation)
 imapi2fs.dll -> C:\Windows\SysWow64\imapi2fs.dll -> [2011/07/02 02:45:00 | 000,732,160 | ---- | C] (Microsoft Corporation)
 netfxperf.dll -> C:\Windows\SysWow64\netfxperf.dll -> [2011/07/02 02:45:00 | 000,049,488 | ---- | C] (Microsoft Corporation)
 authui.dll -> C:\Windows\SysWow64\authui.dll -> [2011/07/02 02:44:59 | 001,792,000 | ---- | C] (Microsoft Corporation)
 sqlsrv32.dll -> C:\Windows\SysNative\sqlsrv32.dll -> [2011/07/02 02:44:59 | 000,933,888 | ---- | C] (Microsoft Corporation)
 PortableDeviceApi.dll -> C:\Windows\SysWow64\PortableDeviceApi.dll -> [2011/07/02 02:44:59 | 000,547,840 | ---- | C] (Microsoft Corporation)
 gdi32.dll -> C:\Windows\SysNative\gdi32.dll -> [2011/07/02 02:44:59 | 000,403,968 | ---- | C] (Microsoft Corporation)
 fveapi.dll -> C:\Windows\SysNative\fveapi.dll -> [2011/07/02 02:44:59 | 000,345,600 | ---- | C] (Microsoft Corporation)
 msdrm.dll -> C:\Windows\SysWow64\msdrm.dll -> [2011/07/02 02:44:59 | 000,341,504 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2011/07/02 02:44:59 | 000,252,928 | ---- | C] (Microsoft Corporation)
 winsta.dll -> C:\Windows\SysNative\winsta.dll -> [2011/07/02 02:44:59 | 000,235,008 | ---- | C] (Microsoft Corporation)
 dot3api.dll -> C:\Windows\SysNative\dot3api.dll -> [2011/07/02 02:44:59 | 000,084,992 | ---- | C] (Microsoft Corporation)
 certmgr.dll -> C:\Windows\SysWow64\certmgr.dll -> [2011/07/02 02:44:58 | 001,555,456 | ---- | C] (Microsoft Corporation)
 WMNetMgr.dll -> C:\Windows\SysNative\WMNetMgr.dll -> [2011/07/02 02:44:58 | 001,243,136 | ---- | C] (Microsoft Corporation)
 mcmde.dll -> C:\Windows\SysNative\mcmde.dll -> [2011/07/02 02:44:58 | 001,009,152 | ---- | C] (Microsoft Corporation)
 MSNP.ax -> C:\Windows\SysNative\MSNP.ax -> [2011/07/02 02:44:58 | 000,288,256 | ---- | C] (Microsoft Corporation)
 schtasks.exe -> C:\Windows\SysNative\schtasks.exe -> [2011/07/02 02:44:58 | 000,285,696 | ---- | C] (Microsoft Corporation)
 mcbuilder.exe -> C:\Windows\SysWow64\mcbuilder.exe -> [2011/07/02 02:44:58 | 000,220,672 | ---- | C] (Microsoft Corporation)
 prncache.dll -> C:\Windows\SysNative\prncache.dll -> [2011/07/02 02:44:58 | 000,183,808 | ---- | C] (Microsoft Corporation)
 xpsservices.dll -> C:\Windows\SysWow64\xpsservices.dll -> [2011/07/02 02:44:57 | 001,712,640 | ---- | C] (Microsoft Corporation)
 wlanpref.dll -> C:\Windows\SysNative\wlanpref.dll -> [2011/07/02 02:44:57 | 001,441,280 | ---- | C] (Microsoft Corporation)
 wuapi.dll -> C:\Windows\SysNative\wuapi.dll -> [2011/07/02 02:44:57 | 000,695,808 | ---- | C] (Microsoft Corporation)
 evr.dll -> C:\Windows\SysNative\evr.dll -> [2011/07/02 02:44:57 | 000,630,272 | ---- | C] (Microsoft Corporation)
 photowiz.dll -> C:\Windows\SysNative\photowiz.dll -> [2011/07/02 02:44:57 | 000,409,600 | ---- | C] (Microsoft Corporation)
 vpnike.dll -> C:\Windows\SysNative\vpnike.dll -> [2011/07/02 02:44:57 | 000,263,168 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2011/07/02 02:44:57 | 000,220,672 | ---- | C] (Microsoft Corporation)
 userenv.dll -> C:\Windows\SysNative\userenv.dll -> [2011/07/02 02:44:57 | 000,109,056 | ---- | C] (Microsoft Corporation)
 SyncCenter.dll -> C:\Windows\SysNative\SyncCenter.dll -> [2011/07/02 02:44:56 | 002,262,528 | ---- | C] (Microsoft Corporation)
 sppobjs.dll -> C:\Windows\SysNative\sppobjs.dll -> [2011/07/02 02:44:56 | 001,082,880 | ---- | C] (Microsoft Corporation)
 wmpmde.dll -> C:\Windows\SysNative\wmpmde.dll -> [2011/07/02 02:44:56 | 001,024,512 | ---- | C] (Microsoft Corporation)
 aepdu.dll -> C:\Windows\SysNative\aepdu.dll -> [2011/07/02 02:44:56 | 000,412,160 | ---- | C] (Microsoft Corporation)
 cmd.exe -> C:\Windows\SysWow64\cmd.exe -> [2011/07/02 02:44:56 | 000,302,592 | ---- | C] (Microsoft Corporation)
 AudioSes.dll -> C:\Windows\SysNative\AudioSes.dll -> [2011/07/02 02:44:56 | 000,296,448 | ---- | C] (Microsoft Corporation)
 framedyn.dll -> C:\Windows\SysNative\framedyn.dll -> [2011/07/02 02:44:56 | 000,279,040 | ---- | C] (Microsoft Corporation)
 WMPEncEn.dll -> C:\Windows\SysNative\WMPEncEn.dll -> [2011/07/02 02:44:55 | 002,072,576 | ---- | C] (Microsoft Corporation)
 wmpeffects.dll -> C:\Windows\SysNative\wmpeffects.dll -> [2011/07/02 02:44:55 | 000,605,696 | ---- | C] (Microsoft Corporation)
 win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2011/07/02 02:44:55 | 000,492,032 | ---- | C] (Microsoft Corporation)
 aeinv.dll -> C:\Windows\SysNative\aeinv.dll -> [2011/07/02 02:44:55 | 000,424,448 | ---- | C] (Microsoft Corporation)
 mfreadwrite.dll -> C:\Windows\SysNative\mfreadwrite.dll -> [2011/07/02 02:44:55 | 000,257,024 | ---- | C] (Microsoft Corporation)
 framedynos.dll -> C:\Windows\SysWow64\framedynos.dll -> [2011/07/02 02:44:55 | 000,206,336 | ---- | C] (Microsoft Corporation)
 fde.dll -> C:\Windows\SysNative\fde.dll -> [2011/07/02 02:44:55 | 000,171,520 | ---- | C] (Microsoft Corporation)
 localsec.dll -> C:\Windows\SysNative\localsec.dll -> [2011/07/02 02:44:54 | 000,551,936 | ---- | C] (Microsoft Corporation)
 imapi2.dll -> C:\Windows\SysNative\imapi2.dll -> [2011/07/02 02:44:54 | 000,503,296 | ---- | C] (Microsoft Corporation)
 WinSATAPI.dll -> C:\Windows\SysNative\WinSATAPI.dll -> [2011/07/02 02:44:54 | 000,501,248 | ---- | C] (Microsoft Corporation)
 netdiagfx.dll -> C:\Windows\SysNative\netdiagfx.dll -> [2011/07/02 02:44:54 | 000,324,096 | ---- | C] (Microsoft Corporation)
 bcryptprimitives.dll -> C:\Windows\SysNative\bcryptprimitives.dll -> [2011/07/02 02:44:54 | 000,298,104 | ---- | C] (Microsoft Corporation)
 mfds.dll -> C:\Windows\SysWow64\mfds.dll -> [2011/07/02 02:44:54 | 000,296,448 | ---- | C] (Microsoft Corporation)
 stobject.dll -> C:\Windows\SysNative\stobject.dll -> [2011/07/02 02:44:54 | 000,257,024 | ---- | C] (Microsoft Corporation)
 credui.dll -> C:\Windows\SysNative\credui.dll -> [2011/07/02 02:44:54 | 000,197,120 | ---- | C] (Microsoft Corporation)
 cdd.dll -> C:\Windows\SysNative\cdd.dll -> [2011/07/02 02:44:54 | 000,144,384 | ---- | C] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2011/07/02 02:44:53 | 002,746,880 | ---- | C] (Microsoft Corporation)
 azroles.dll -> C:\Windows\SysWow64\azroles.dll -> [2011/07/02 02:44:53 | 000,762,880 | ---- | C] (Microsoft Corporation)
 biocpl.dll -> C:\Windows\SysNative\biocpl.dll -> [2011/07/02 02:44:53 | 000,504,320 | ---- | C] (Microsoft Corporation)
 msinfo32.exe -> C:\Windows\SysNative\msinfo32.exe -> [2011/07/02 02:44:53 | 000,378,880 | ---- | C] (Microsoft Corporation)
 tcpipcfg.dll -> C:\Windows\SysNative\tcpipcfg.dll -> [2011/07/02 02:44:53 | 000,253,440 | ---- | C] (Microsoft Corporation)
 spp.dll -> C:\Windows\SysNative\spp.dll -> [2011/07/02 02:44:53 | 000,244,224 | ---- | C] (Microsoft Corporation)
 QSHVHOST.DLL -> C:\Windows\SysNative\QSHVHOST.DLL -> [2011/07/02 02:44:53 | 000,223,232 | ---- | C] (Microsoft Corporation)
 inetpp.dll -> C:\Windows\SysNative\inetpp.dll -> [2011/07/02 02:44:53 | 000,166,912 | ---- | C] (Microsoft Corporation)
 netid.dll -> C:\Windows\SysNative\netid.dll -> [2011/07/02 02:44:53 | 000,165,376 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysWow64\ncsi.dll -> [2011/07/02 02:44:53 | 000,152,064 | ---- | C] (Microsoft Corporation)
 davclnt.dll -> C:\Windows\SysNative\davclnt.dll -> [2011/07/02 02:44:53 | 000,100,864 | ---- | C] (Microsoft Corporation)
 themeui.dll -> C:\Windows\SysWow64\themeui.dll -> [2011/07/02 02:44:52 | 002,755,072 | ---- | C] (Microsoft Corporation)
 printui.dll -> C:\Windows\SysNative\printui.dll -> [2011/07/02 02:44:52 | 001,050,624 | ---- | C] (Microsoft Corporation)
 mspbda.dll -> C:\Windows\SysNative\mspbda.dll -> [2011/07/02 02:44:52 | 000,571,904 | ---- | C] (Microsoft Corporation)
 conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2011/07/02 02:44:52 | 000,337,920 | ---- | C] (Microsoft Corporation)
 scansetting.dll -> C:\Windows\SysNative\scansetting.dll -> [2011/07/02 02:44:52 | 000,303,616 | ---- | C] (Microsoft Corporation)
 credui.dll -> C:\Windows\SysWow64\credui.dll -> [2011/07/02 02:44:52 | 000,168,960 | ---- | C] (Microsoft Corporation)
 splwow64.exe -> C:\Windows\splwow64.exe -> [2011/07/02 02:44:52 | 000,067,072 | ---- | C] (Microsoft Corporation)
 dbghelp.dll -> C:\Windows\SysWow64\dbghelp.dll -> [2011/07/02 02:44:51 | 000,854,016 | ---- | C] (Microsoft Corporation)
 mscms.dll -> C:\Windows\SysNative\mscms.dll -> [2011/07/02 02:44:51 | 000,625,664 | ---- | C] (Microsoft Corporation)
 msdri.dll -> C:\Windows\SysNative\msdri.dll -> [2011/07/02 02:44:51 | 000,552,960 | ---- | C] (Microsoft Corporation)
 dxgi.dll -> C:\Windows\SysWow64\dxgi.dll -> [2011/07/02 02:44:51 | 000,508,416 | ---- | C] (Microsoft Corporation)
 PhotoScreensaver.scr -> C:\Windows\SysNative\PhotoScreensaver.scr -> [2011/07/02 02:44:51 | 000,477,696 | ---- | C] (Microsoft Corporation)
 wusa.exe -> C:\Windows\SysNative\wusa.exe -> [2011/07/02 02:44:51 | 000,307,200 | ---- | C] (Microsoft Corporation)
 mfreadwrite.dll -> C:\Windows\SysWow64\mfreadwrite.dll -> [2011/07/02 02:44:51 | 000,196,608 | ---- | C] (Microsoft Corporation)
 rpchttp.dll -> C:\Windows\SysNative\rpchttp.dll -> [2011/07/02 02:44:51 | 000,187,904 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2011/07/02 02:44:51 | 000,172,032 | ---- | C] (Microsoft Corporation)
 IPHLPAPI.DLL -> C:\Windows\SysNative\IPHLPAPI.DLL -> [2011/07/02 02:44:51 | 000,145,920 | ---- | C] (Microsoft Corporation)
 basecsp.dll -> C:\Windows\SysWow64\basecsp.dll -> [2011/07/02 02:44:51 | 000,144,768 | ---- | C] (Microsoft Corporation)
 aitagent.exe -> C:\Windows\SysNative\aitagent.exe -> [2011/07/02 02:44:51 | 000,122,880 | ---- | C] (Microsoft Corporation)
 msi.dll -> C:\Windows\SysNative\msi.dll -> [2011/07/02 02:44:50 | 003,211,776 | ---- | C] (Microsoft Corporation)
 FirewallControlPanel.dll -> C:\Windows\SysNative\FirewallControlPanel.dll -> [2011/07/02 02:44:50 | 000,934,912 | ---- | C] (Microsoft Corporation)
 evr.dll -> C:\Windows\SysWow64\evr.dll -> [2011/07/02 02:44:50 | 000,488,448 | ---- | C] (Microsoft Corporation)
 winspool.drv -> C:\Windows\SysNative\winspool.drv -> [2011/07/02 02:44:50 | 000,442,368 | ---- | C] (Microsoft Corporation)
 wisptis.exe -> C:\Windows\SysNative\wisptis.exe -> [2011/07/02 02:44:50 | 000,405,504 | ---- | C] (Microsoft Corporation)
 taskcomp.dll -> C:\Windows\SysWow64\taskcomp.dll -> [2011/07/02 02:44:50 | 000,305,152 | ---- | C] (Microsoft Corporation)
 XpsRasterService.dll -> C:\Windows\SysNative\XpsRasterService.dll -> [2011/07/02 02:44:50 | 000,229,888 | ---- | C] (Microsoft Corporation)
 ocsetup.exe -> C:\Windows\SysNative\ocsetup.exe -> [2011/07/02 02:44:50 | 000,186,368 | ---- | C] (Microsoft Corporation)
 rdpcore.dll -> C:\Windows\SysNative\rdpcore.dll -> [2011/07/02 02:44:49 | 001,031,680 | ---- | C] (Microsoft Corporation)
 ci.dll -> C:\Windows\SysNative\ci.dll -> [2011/07/02 02:44:49 | 000,780,008 | ---- | C] (Microsoft Corporation)
 sqlsrv32.dll -> C:\Windows\SysWow64\sqlsrv32.dll -> [2011/07/02 02:44:49 | 000,778,240 | ---- | C] (Microsoft Corporation)
 calc.exe -> C:\Windows\SysWow64\calc.exe -> [2011/07/02 02:44:49 | 000,776,192 | ---- | C] (Microsoft Corporation)
 ntshrui.dll -> C:\Windows\SysNative\ntshrui.dll -> [2011/07/02 02:44:49 | 000,509,952 | ---- | C] (Microsoft Corporation)
 DXP.dll -> C:\Windows\SysNative\DXP.dll -> [2011/07/02 02:44:49 | 000,459,776 | ---- | C] (Microsoft Corporation)
 sppwinob.dll -> C:\Windows\SysNative\sppwinob.dll -> [2011/07/02 02:44:49 | 000,418,816 | ---- | C] (Microsoft Corporation)
 eapp3hst.dll -> C:\Windows\SysNative\eapp3hst.dll -> [2011/07/02 02:44:49 | 000,348,160 | ---- | C] (Microsoft Corporation)
 WinSATAPI.dll -> C:\Windows\SysWow64\WinSATAPI.dll -> [2011/07/02 02:44:49 | 000,335,872 | ---- | C] (Microsoft Corporation)
 mprapi.dll -> C:\Windows\SysNative\mprapi.dll -> [2011/07/02 02:44:49 | 000,221,184 | ---- | C] (Microsoft Corporation)
 ocsetapi.dll -> C:\Windows\SysNative\ocsetapi.dll -> [2011/07/02 02:44:49 | 000,161,792 | ---- | C] (Microsoft Corporation)
 eapphost.dll -> C:\Windows\SysNative\eapphost.dll -> [2011/07/02 02:44:48 | 000,303,616 | ---- | C] (Microsoft Corporation)
 upnp.dll -> C:\Windows\SysNative\upnp.dll -> [2011/07/02 02:44:48 | 000,264,192 | ---- | C] (Microsoft Corporation)
 Robocopy.exe -> C:\Windows\SysNative\Robocopy.exe -> [2011/07/02 02:44:48 | 000,128,000 | ---- | C] (Microsoft)
 UIRibbon.dll -> C:\Windows\SysWow64\UIRibbon.dll -> [2011/07/02 02:44:47 | 002,983,424 | ---- | C] (Microsoft Corporation)
 netshell.dll -> C:\Windows\SysWow64\netshell.dll -> [2011/07/02 02:44:47 | 002,494,464 | ---- | C] (Microsoft Corporation)
 DxpTaskSync.dll -> C:\Windows\SysNative\DxpTaskSync.dll -> [2011/07/02 02:44:47 | 001,457,664 | ---- | C] (Microsoft Corporation)
 MSMPEG2ENC.DLL -> C:\Windows\SysNative\MSMPEG2ENC.DLL -> [2011/07/02 02:44:47 | 001,160,192 | ---- | C] (Microsoft Corporation)
 mmsys.cpl -> C:\Windows\SysNative\mmsys.cpl -> [2011/07/02 02:44:47 | 000,850,944 | ---- | C] (Microsoft Corporation)
 PerfCenterCPL.dll -> C:\Windows\SysNative\PerfCenterCPL.dll -> [2011/07/02 02:44:47 | 000,658,432 | ---- | C] (Microsoft Corporation)
 hal.dll -> C:\Windows\SysNative\hal.dll -> [2011/07/02 02:44:47 | 000,263,040 | ---- | C] (Microsoft Corporation)
 scecli.dll -> C:\Windows\SysNative\scecli.dll -> [2011/07/02 02:44:47 | 000,232,960 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2011/07/02 02:44:47 | 000,176,128 | ---- | C] (Microsoft Corporation)
 t2embed.dll -> C:\Windows\SysNative\t2embed.dll -> [2011/07/02 02:44:47 | 000,148,992 | ---- | C] (Microsoft Corporation)
 dwmredir.dll -> C:\Windows\SysNative\dwmredir.dll -> [2011/07/02 02:44:47 | 000,128,512 | ---- | C] (Microsoft Corporation)
 thumbcache.dll -> C:\Windows\SysNative\thumbcache.dll -> [2011/07/02 02:44:47 | 000,112,640 | ---- | C] (Microsoft Corporation)
 HpSAMD.sys -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2011/07/02 02:44:47 | 000,078,720 | ---- | C] (Hewlett-Packard Company)
 themeui.dll -> C:\Windows\SysNative\themeui.dll -> [2011/07/02 02:44:46 | 002,851,840 | ---- | C] (Microsoft Corporation)
 puiobj.dll -> C:\Windows\SysNative\puiobj.dll -> [2011/07/02 02:44:46 | 000,429,568 | ---- | C] (Microsoft Corporation)
 onex.dll -> C:\Windows\SysNative\onex.dll -> [2011/07/02 02:44:46 | 000,235,520 | ---- | C] (Microsoft Corporation)
 Classpnp.sys -> C:\Windows\SysNative\drivers\Classpnp.sys -> [2011/07/02 02:44:46 | 000,179,072 | ---- | C] (Microsoft Corporation)
 sspicli.dll -> C:\Windows\SysNative\sspicli.dll -> [2011/07/02 02:44:46 | 000,136,192 | ---- | C] (Microsoft Corporation)
 prncache.dll -> C:\Windows\SysWow64\prncache.dll -> [2011/07/02 02:44:46 | 000,116,736 | ---- | C] (Microsoft Corporation)
 msasn1.dll -> C:\Windows\SysNative\msasn1.dll -> [2011/07/02 02:44:46 | 000,046,592 | ---- | C] (Microsoft Corporation)
 msi.dll -> C:\Windows\SysWow64\msi.dll -> [2011/07/02 02:44:45 | 002,341,376 | ---- | C] (Microsoft Corporation)
 wdc.dll -> C:\Windows\SysNative\wdc.dll -> [2011/07/02 02:44:45 | 001,363,968 | ---- | C] (Microsoft Corporation)
 printui.dll -> C:\Windows\SysWow64\printui.dll -> [2011/07/02 02:44:45 | 000,932,352 | ---- | C] (Microsoft Corporation)
 DXPTaskRingtone.dll -> C:\Windows\SysNative\DXPTaskRingtone.dll -> [2011/07/02 02:44:45 | 000,675,328 | ---- | C] (Microsoft Corporation)
 wmpeffects.dll -> C:\Windows\SysWow64\wmpeffects.dll -> [2011/07/02 02:44:45 | 000,352,256 | ---- | C] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2011/07/02 02:44:45 | 000,243,200 | ---- | C] (Microsoft Corporation)
 aaclient.dll -> C:\Windows\SysNative\aaclient.dll -> [2011/07/02 02:44:45 | 000,158,720 | ---- | C] (Microsoft Corporation)
 net1.exe -> C:\Windows\SysWow64\net1.exe -> [2011/07/02 02:44:45 | 000,142,336 | ---- | C] (Microsoft Corporation)
 rpchttp.dll -> C:\Windows\SysWow64\rpchttp.dll -> [2011/07/02 02:44:45 | 000,139,264 | ---- | C] (Microsoft Corporation)
 netcenter.dll -> C:\Windows\SysNative\netcenter.dll -> [2011/07/02 02:44:44 | 001,689,600 | ---- | C] (Microsoft Corporation)
 sdengin2.dll -> C:\Windows\SysNative\sdengin2.dll -> [2011/07/02 02:44:44 | 001,120,768 | ---- | C] (Microsoft Corporation)
 msftedit.dll -> C:\Windows\SysNative\msftedit.dll -> [2011/07/02 02:44:44 | 000,799,744 | ---- | C] (Microsoft Corporation)
 VAN.dll -> C:\Windows\SysNative\VAN.dll -> [2011/07/02 02:44:44 | 000,691,200 | ---- | C] (Microsoft Corporation)
 StructuredQuery.dll -> C:\Windows\SysNative\StructuredQuery.dll -> [2011/07/02 02:44:44 | 000,483,840 | ---- | C] (Microsoft Corporation)
 wlangpui.dll -> C:\Windows\SysNative\wlangpui.dll -> [2011/07/02 02:44:44 | 000,475,136 | ---- | C] (Microsoft Corporation)
 wiadefui.dll -> C:\Windows\SysNative\wiadefui.dll -> [2011/07/02 02:44:44 | 000,462,336 | ---- | C] (Microsoft Corporation)
 scesrv.dll -> C:\Windows\SysNative\scesrv.dll -> [2011/07/02 02:44:44 | 000,406,016 | ---- | C] (Microsoft Corporation)
 scansetting.dll -> C:\Windows\SysWow64\scansetting.dll -> [2011/07/02 02:44:44 | 000,246,272 | ---- | C] (Microsoft Corporation)
 dskquoui.dll -> C:\Windows\SysNative\dskquoui.dll -> [2011/07/02 02:44:44 | 000,239,616 | ---- | C] (Microsoft Corporation)
 wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2011/07/02 02:44:43 | 002,621,952 | ---- | C] (Microsoft Corporation)
 WMVCORE.DLL -> C:\Windows\SysWow64\WMVCORE.DLL -> [2011/07/02 02:44:43 | 002,504,192 | ---- | C] (Microsoft Corporation)
 wpdshext.dll -> C:\Windows\SysWow64\wpdshext.dll -> [2011/07/02 02:44:43 | 002,311,168 | ---- | C] (Microsoft Corporation)
 pnidui.dll -> C:\Windows\SysWow64\pnidui.dll -> [2011/07/02 02:44:43 | 001,750,528 | ---- | C] (Microsoft Corporation)
 webservices.dll -> C:\Windows\SysWow64\webservices.dll -> [2011/07/02 02:44:43 | 000,782,336 | ---- | C] (Microsoft Corporation)
 timedate.cpl -> C:\Windows\SysNative\timedate.cpl -> [2011/07/02 02:44:43 | 000,515,584 | ---- | C] (Microsoft Corporation)
 wlangpui.dll -> C:\Windows\SysWow64\wlangpui.dll -> [2011/07/02 02:44:43 | 000,411,648 | ---- | C] (Microsoft Corporation)
 srchadmin.dll -> C:\Windows\SysNative\srchadmin.dll -> [2011/07/02 02:44:43 | 000,340,992 | ---- | C] (Microsoft Corporation)
 SndVol.exe -> C:\Windows\SysNative\SndVol.exe -> [2011/07/02 02:44:43 | 000,273,920 | ---- | C] (Microsoft Corporation)
 MMDevAPI.dll -> C:\Windows\SysWow64\MMDevAPI.dll -> [2011/07/02 02:44:43 | 000,213,504 | ---- | C] (Microsoft Corporation)
 QSHVHOST.DLL -> C:\Windows\SysWow64\QSHVHOST.DLL -> [2011/07/02 02:44:43 | 000,167,936 | ---- | C] (Microsoft Corporation)
 aaclient.dll -> C:\Windows\SysWow64\aaclient.dll -> [2011/07/02 02:44:43 | 000,131,584 | ---- | C] (Microsoft Corporation)
 consent.exe -> C:\Windows\SysNative\consent.exe -> [2011/07/02 02:44:43 | 000,112,000 | ---- | C] (Microsoft Corporation)
 t2embed.dll -> C:\Windows\SysWow64\t2embed.dll -> [2011/07/02 02:44:43 | 000,109,056 | ---- | C] (Microsoft Corporation)
 QUTIL.DLL -> C:\Windows\SysNative\QUTIL.DLL -> [2011/07/02 02:44:43 | 000,107,520 | ---- | C] (Microsoft Corporation)
 regapi.dll -> C:\Windows\SysNative\regapi.dll -> [2011/07/02 02:44:43 | 000,095,232 | ---- | C] (Microsoft Corporation)
 davclnt.dll -> C:\Windows\SysWow64\davclnt.dll -> [2011/07/02 02:44:43 | 000,080,384 | ---- | C] (Microsoft Corporation)
 samcli.dll -> C:\Windows\SysNative\samcli.dll -> [2011/07/02 02:44:43 | 000,067,584 | ---- | C] (Microsoft Corporation)
 wscapi.dll -> C:\Windows\SysNative\wscapi.dll -> [2011/07/02 02:44:43 | 000,063,488 | ---- | C] (Microsoft Corporation)
 SyncCenter.dll -> C:\Windows\SysWow64\SyncCenter.dll -> [2011/07/02 02:44:42 | 002,146,304 | ---- | C] (Microsoft Corporation)
 appwiz.cpl -> C:\Windows\SysNative\appwiz.cpl -> [2011/07/02 02:44:42 | 000,726,528 | ---- | C] (Microsoft Corporation)
 TabletPC.cpl -> C:\Windows\SysNative\TabletPC.cpl -> [2011/07/02 02:44:42 | 000,684,032 | ---- | C] (Microsoft Corporation)
 wuapi.dll -> C:\Windows\SysWow64\wuapi.dll -> [2011/07/02 02:44:42 | 000,560,128 | ---- | C] (Microsoft Corporation)
 rastls.dll -> C:\Windows\SysNative\rastls.dll -> [2011/07/02 02:44:42 | 000,424,448 | ---- | C] (Microsoft Corporation)
 wksprt.exe -> C:\Windows\SysNative\wksprt.exe -> [2011/07/02 02:44:42 | 000,248,832 | ---- | C] (Microsoft Corporation)
 netdiagfx.dll -> C:\Windows\SysWow64\netdiagfx.dll -> [2011/07/02 02:44:42 | 000,225,792 | ---- | C] (Microsoft Corporation)
 fde.dll -> C:\Windows\SysWow64\fde.dll -> [2011/07/02 02:44:42 | 000,124,416 | ---- | C] (Microsoft Corporation)
 setupcl.exe -> C:\Windows\SysNative\setupcl.exe -> [2011/07/02 02:44:42 | 000,088,576 | ---- | C] (Microsoft Corporation)
 taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2011/07/02 02:44:42 | 000,069,120 | ---- | C] (Microsoft Corporation)
 wscapi.dll -> C:\Windows\SysWow64\wscapi.dll -> [2011/07/02 02:44:42 | 000,051,712 | ---- | C] (Microsoft Corporation)
 MSMPEG2ENC.DLL -> C:\Windows\SysWow64\MSMPEG2ENC.DLL -> [2011/07/02 02:44:41 | 000,830,464 | ---- | C] (Microsoft Corporation)
 rdpcore.dll -> C:\Windows\SysWow64\rdpcore.dll -> [2011/07/02 02:44:41 | 000,826,368 | ---- | C] (Microsoft Corporation)
 AuxiliaryDisplayCpl.dll -> C:\Windows\SysNative\AuxiliaryDisplayCpl.dll -> [2011/07/02 02:44:41 | 000,726,528 | ---- | C] (Microsoft Corporation)
 hgcpl.dll -> C:\Windows\SysNative\hgcpl.dll -> [2011/07/02 02:44:41 | 000,332,288 | ---- | C] (Microsoft Corporation)
 clusapi.dll -> C:\Windows\SysNative\clusapi.dll -> [2011/07/02 02:44:41 | 000,314,368 | ---- | C] (Microsoft Corporation)
 msconfig.exe -> C:\Windows\SysNative\msconfig.exe -> [2011/07/02 02:44:41 | 000,300,032 | ---- | C] (Microsoft Corporation)
 netiohlp.dll -> C:\Windows\SysNative\netiohlp.dll -> [2011/07/02 02:44:41 | 000,215,552 | ---- | C] (Microsoft Corporation)
 basecsp.dll -> C:\Windows\SysNative\basecsp.dll -> [2011/07/02 02:44:41 | 000,166,784 | ---- | C] (Microsoft Corporation)
 winsta.dll -> C:\Windows\SysWow64\winsta.dll -> [2011/07/02 02:44:41 | 000,156,672 | ---- | C] (Microsoft Corporation)
 WinSCard.dll -> C:\Windows\SysWow64\WinSCard.dll -> [2011/07/02 02:44:41 | 000,134,656 | ---- | C] (Microsoft Corporation)
 fdeploy.dll -> C:\Windows\SysNative\fdeploy.dll -> [2011/07/02 02:44:41 | 000,072,192 | ---- | C] (Microsoft Corporation)
 lsmproxy.dll -> C:\Windows\SysNative\lsmproxy.dll -> [2011/07/02 02:44:41 | 000,050,176 | ---- | C] (Microsoft Corporation)
 mimefilt.dll -> C:\Windows\SysNative\mimefilt.dll -> [2011/07/02 02:44:41 | 000,041,472 | ---- | C] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2011/07/02 02:44:40 | 002,576,384 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2011/07/02 02:44:40 | 001,538,560 | ---- | C] (Microsoft Corporation)
 riched20.dll -> C:\Windows\SysNative\riched20.dll -> [2011/07/02 02:44:40 | 000,633,344 | ---- | C] (Microsoft Corporation)
 DXPTaskRingtone.dll -> C:\Windows\SysWow64\DXPTaskRingtone.dll -> [2011/07/02 02:44:40 | 000,630,784 | ---- | C] (Microsoft Corporation)
 imapi2.dll -> C:\Windows\SysWow64\imapi2.dll -> [2011/07/02 02:44:40 | 000,392,192 | ---- | C] (Microsoft Corporation)
 mtxclu.dll -> C:\Windows\SysNative\mtxclu.dll -> [2011/07/02 02:44:40 | 000,372,736 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2011/07/02 02:44:40 | 000,186,368 | ---- | C] (Microsoft Corporation)
 dnscmmc.dll -> C:\Windows\SysNative\dnscmmc.dll -> [2011/07/02 02:44:40 | 000,118,272 | ---- | C] (Microsoft Corporation)
 TsUsbGDCoInstaller.dll -> C:\Windows\SysNative\TsUsbGDCoInstaller.dll -> [2011/07/02 02:44:40 | 000,040,960 | ---- | C] (Microsoft Corporation)
 SensorsCpl.dll -> C:\Windows\SysNative\SensorsCpl.dll -> [2011/07/02 02:44:39 | 002,250,752 | ---- | C] (Microsoft Corporation)
 themecpl.dll -> C:\Windows\SysNative\themecpl.dll -> [2011/07/02 02:44:39 | 002,193,920 | ---- | C] (Microsoft Corporation)
 WMPEncEn.dll -> C:\Windows\SysWow64\WMPEncEn.dll -> [2011/07/02 02:44:39 | 001,624,064 | ---- | C] (Microsoft Corporation)
 Narrator.exe -> C:\Windows\SysNative\Narrator.exe -> [2011/07/02 02:44:39 | 001,077,248 | ---- | C] (Microsoft Corporation)
 autochk.exe -> C:\Windows\SysWow64\autochk.exe -> [2011/07/02 02:44:39 | 000,668,160 | ---- | C] (Microsoft Corporation)
 autofmt.exe -> C:\Windows\SysWow64\autofmt.exe -> [2011/07/02 02:44:39 | 000,658,944 | ---- | C] (Microsoft Corporation)
 powercpl.dll -> C:\Windows\SysNative\powercpl.dll -> [2011/07/02 02:44:39 | 000,486,400 | ---- | C] (Microsoft Corporation)
 eudcedit.exe -> C:\Windows\SysNative\eudcedit.exe -> [2011/07/02 02:44:39 | 000,359,936 | ---- | C] (Microsoft Corporation)
 sharemediacpl.dll -> C:\Windows\SysNative\sharemediacpl.dll -> [2011/07/02 02:44:39 | 000,357,888 | ---- | C] (Microsoft Corporation)
 Faultrep.dll -> C:\Windows\SysNative\Faultrep.dll -> [2011/07/02 02:44:39 | 000,355,328 | ---- | C] (Microsoft Corporation)
 onex.dll -> C:\Windows\SysWow64\onex.dll -> [2011/07/02 02:44:39 | 000,199,168 | ---- | C] (Microsoft Corporation)
 netjoin.dll -> C:\Windows\SysNative\netjoin.dll -> [2011/07/02 02:44:39 | 000,188,928 | ---- | C] (Microsoft Corporation)
 logoncli.dll -> C:\Windows\SysNative\logoncli.dll -> [2011/07/02 02:44:39 | 000,186,880 | ---- | C] (Microsoft Corporation)
 netiohlp.dll -> C:\Windows\SysWow64\netiohlp.dll -> [2011/07/02 02:44:39 | 000,166,400 | ---- | C] (Microsoft Corporation)
 nci.dll -> C:\Windows\SysNative\nci.dll -> [2011/07/02 02:44:39 | 000,090,112 | ---- | C] (Microsoft Corporation)
 hbaapi.dll -> C:\Windows\SysWow64\hbaapi.dll -> [2011/07/02 02:44:39 | 000,066,560 | ---- | C] (Microsoft Corporation)
 RpcRtRemote.dll -> C:\Windows\SysNative\RpcRtRemote.dll -> [2011/07/02 02:44:39 | 000,065,536 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2011/07/02 02:44:39 | 000,057,856 | ---- | C] (Microsoft Corporation)
 autoconv.exe -> C:\Windows\SysNative\autoconv.exe -> [2011/07/02 02:44:38 | 000,793,088 | ---- | C] (Microsoft Corporation)
 autochk.exe -> C:\Windows\SysNative\autochk.exe -> [2011/07/02 02:44:38 | 000,777,728 | ---- | C] (Microsoft Corporation)
 autofmt.exe -> C:\Windows\SysNative\autofmt.exe -> [2011/07/02 02:44:38 | 000,763,904 | ---- | C] (Microsoft Corporation)
 autoconv.exe -> C:\Windows\SysWow64\autoconv.exe -> [2011/07/02 02:44:38 | 000,679,424 | ---- | C] (Microsoft Corporation)
 comctl32.dll -> C:\Windows\SysNative\comctl32.dll -> [2011/07/02 02:44:38 | 000,633,856 | ---- | C] (Microsoft Corporation)
 ipsmsnap.dll -> C:\Windows\SysWow64\ipsmsnap.dll -> [2011/07/02 02:44:38 | 000,400,896 | ---- | C] (Microsoft Corporation)
 msinfo32.exe -> C:\Windows\SysWow64\msinfo32.exe -> [2011/07/02 02:44:38 | 000,303,104 | ---- | C] (Microsoft Corporation)
 sppcomapi.dll -> C:\Windows\SysNative\sppcomapi.dll -> [2011/07/02 02:44:38 | 000,232,448 | ---- | C] (Microsoft Corporation)
 AudioSes.dll -> C:\Windows\SysWow64\AudioSes.dll -> [2011/07/02 02:44:38 | 000,195,584 | ---- | C] (Microsoft Corporation)
 msutb.dll -> C:\Windows\SysWow64\msutb.dll -> [2011/07/02 02:44:38 | 000,167,936 | ---- | C] (Microsoft Corporation)
 cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2011/07/02 02:44:38 | 000,139,264 | ---- | C] (Microsoft Corporation)
 IPHLPAPI.DLL -> C:\Windows\SysWow64\IPHLPAPI.DLL -> [2011/07/02 02:44:38 | 000,103,936 | ---- | C] (Microsoft Corporation)
 regapi.dll -> C:\Windows\SysWow64\regapi.dll -> [2011/07/02 02:44:38 | 000,072,192 | ---- | C] (Microsoft Corporation)
 mimefilt.dll -> C:\Windows\SysWow64\mimefilt.dll -> [2011/07/02 02:44:38 | 000,042,496 | ---- | C] (Microsoft Corporation)
 vpnikeapi.dll -> C:\Windows\SysNative\vpnikeapi.dll -> [2011/07/02 02:44:38 | 000,038,912 | ---- | C] (Microsoft Corporation)
 proquota.exe -> C:\Windows\SysWow64\proquota.exe -> [2011/07/02 02:44:38 | 000,028,672 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2011/07/02 02:44:37 | 001,466,368 | ---- | C] (Microsoft Corporation)
 sdclt.exe -> C:\Windows\SysNative\sdclt.exe -> [2011/07/02 02:44:37 | 001,264,640 | ---- | C] (Microsoft Corporation)
 mmsys.cpl -> C:\Windows\SysWow64\mmsys.cpl -> [2011/07/02 02:44:37 | 000,905,216 | ---- | C] (Microsoft Corporation)
 fontext.dll -> C:\Windows\SysNative\fontext.dll -> [2011/07/02 02:44:37 | 000,861,184 | ---- | C] (Microsoft Corporation)
 AuxiliaryDisplayCpl.dll -> C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll -> [2011/07/02 02:44:37 | 000,665,600 | ---- | C] (Microsoft Corporation)
 wpd_ci.dll -> C:\Windows\SysNative\wpd_ci.dll -> [2011/07/02 02:44:37 | 000,611,840 | ---- | C] (Microsoft Corporation)
 timedate.cpl -> C:\Windows\SysWow64\timedate.cpl -> [2011/07/02 02:44:37 | 000,478,720 | ---- | C] (Microsoft Corporation)
 nshipsec.dll -> C:\Windows\SysNative\nshipsec.dll -> [2011/07/02 02:44:37 | 000,455,168 | ---- | C] (Microsoft Corporation)
 powercpl.dll -> C:\Windows\SysWow64\powercpl.dll -> [2011/07/02 02:44:37 | 000,441,856 | ---- | C] (Microsoft Corporation)
 wlanui.dll -> C:\Windows\SysNative\wlanui.dll -> [2011/07/02 02:44:37 | 000,414,208 | ---- | C] (Microsoft Corporation)
 msihnd.dll -> C:\Windows\SysWow64\msihnd.dll -> [2011/07/02 02:44:37 | 000,337,408 | ---- | C] (Microsoft Corporation)
 srchadmin.dll -> C:\Windows\SysWow64\srchadmin.dll -> [2011/07/02 02:44:37 | 000,301,568 | ---- | C] (Microsoft Corporation)
 wwanconn.dll -> C:\Windows\SysNative\wwanconn.dll -> [2011/07/02 02:44:37 | 000,222,720 | ---- | C] (Microsoft Corporation)
 eapphost.dll -> C:\Windows\SysWow64\eapphost.dll -> [2011/07/02 02:44:37 | 000,222,208 | ---- | C] (Microsoft Corporation)
 framedyn.dll -> C:\Windows\SysWow64\framedyn.dll -> [2011/07/02 02:44:37 | 000,202,752 | ---- | C] (Microsoft Corporation)
 tcpipcfg.dll -> C:\Windows\SysWow64\tcpipcfg.dll -> [2011/07/02 02:44:37 | 000,181,760 | ---- | C] (Microsoft Corporation)
 schtasks.exe -> C:\Windows\SysWow64\schtasks.exe -> [2011/07/02 02:44:37 | 000,179,712 | ---- | C] (Microsoft Corporation)
 QAGENT.DLL -> C:\Windows\SysWow64\QAGENT.DLL -> [2011/07/02 02:44:37 | 000,171,520 | ---- | C] (Microsoft Corporation)
 scsiport.sys -> C:\Windows\SysNative\drivers\scsiport.sys -> [2011/07/02 02:44:37 | 000,171,392 | ---- | C] (Microsoft Corporation)
 bcdsrv.dll -> C:\Windows\SysNative\bcdsrv.dll -> [2011/07/02 02:44:37 | 000,168,448 | ---- | C] (Microsoft Corporation)
 prntvpt.dll -> C:\Windows\SysNative\prntvpt.dll -> [2011/07/02 02:44:37 | 000,156,160 | ---- | C] (Microsoft Corporation)
 mscorier.dll -> C:\Windows\SysWow64\mscorier.dll -> [2011/07/02 02:44:37 | 000,155,472 | ---- | C] (Microsoft Corporation)
 mscorier.dll -> C:\Windows\SysNative\mscorier.dll -> [2011/07/02 02:44:37 | 000,154,960 | ---- | C] (Microsoft Corporation)
 shsetup.dll -> C:\Windows\SysNative\shsetup.dll -> [2011/07/02 02:44:37 | 000,130,048 | ---- | C] (Microsoft Corporation)
 audiodg.exe -> C:\Windows\SysNative\audiodg.exe -> [2011/07/02 02:44:37 | 000,126,464 | ---- | C] (Microsoft Corporation)
 fms.dll -> C:\Windows\SysNative\fms.dll -> [2011/07/02 02:44:37 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider)
 wdc.dll -> C:\Windows\SysWow64\wdc.dll -> [2011/07/02 02:44:36 | 001,227,776 | ---- | C] (Microsoft Corporation)
 Display.dll -> C:\Windows\SysNative\Display.dll -> [2011/07/02 02:44:36 | 001,066,496 | ---- | C] (Microsoft Corporation)
 mblctr.exe -> C:\Windows\SysNative\mblctr.exe -> [2011/07/02 02:44:36 | 000,957,440 | ---- | C] (Microsoft Corporation)
 batmeter.dll -> C:\Windows\SysNative\batmeter.dll -> [2011/07/02 02:44:36 | 000,749,568 | ---- | C] (Microsoft Corporation)
 qedit.dll -> C:\Windows\SysNative\qedit.dll -> [2011/07/02 02:44:36 | 000,624,128 | ---- | C] (Microsoft Corporation)
 scesrv.dll -> C:\Windows\SysWow64\scesrv.dll -> [2011/07/02 02:44:36 | 000,307,712 | ---- | C] (Microsoft Corporation)
 wmpsrcwp.dll -> C:\Windows\SysNative\wmpsrcwp.dll -> [2011/07/02 02:44:36 | 000,223,232 | ---- | C] (Microsoft Corporation)
 mprddm.dll -> C:\Windows\SysNative\mprddm.dll -> [2011/07/02 02:44:36 | 000,211,456 | ---- | C] (Microsoft Corporation)
 MSNP.ax -> C:\Windows\SysWow64\MSNP.ax -> [2011/07/02 02:44:36 | 000,204,288 | ---- | C] (Microsoft Corporation)
 netid.dll -> C:\Windows\SysWow64\netid.dll -> [2011/07/02 02:44:36 | 000,117,248 | ---- | C] (Microsoft Corporation)
 hidclass.sys -> C:\Windows\SysNative\drivers\hidclass.sys -> [2011/07/02 02:44:36 | 000,076,800 | ---- | C] (Microsoft Corporation)
 bootres.dll -> C:\Windows\SysNative\bootres.dll -> [2011/07/02 02:44:35 | 002,217,856 | ---- | C] (Microsoft Corporation)
 wlanpref.dll -> C:\Windows\SysWow64\wlanpref.dll -> [2011/07/02 02:44:35 | 001,326,592 | ---- | C] (Microsoft Corporation)
 DiagCpl.dll -> C:\Windows\SysNative\DiagCpl.dll -> [2011/07/02 02:44:35 | 001,202,176 | ---- | C] (Microsoft Corporation)
 WMNetMgr.dll -> C:\Windows\SysWow64\WMNetMgr.dll -> [2011/07/02 02:44:35 | 001,003,008 | ---- | C] (Microsoft Corporation)
 Vault.dll -> C:\Windows\SysWow64\Vault.dll -> [2011/07/02 02:44:35 | 000,933,376 | ---- | C] (Microsoft Corporation)
 usercpl.dll -> C:\Windows\SysNative\usercpl.dll -> [2011/07/02 02:44:35 | 000,625,664 | ---- | C] (Microsoft Corporation)
 MCEWMDRMNDBootstrap.dll -> C:\Windows\SysNative\MCEWMDRMNDBootstrap.dll -> [2011/07/02 02:44:35 | 000,433,512 | ---- | C] (Microsoft Corporation)
 rastls.dll -> C:\Windows\SysWow64\rastls.dll -> [2011/07/02 02:44:35 | 000,372,224 | ---- | C] (Microsoft Corporation)
 untfs.dll -> C:\Windows\SysWow64\untfs.dll -> [2011/07/02 02:44:35 | 000,346,624 | ---- | C] (Microsoft Corporation)
 Robocopy.exe -> C:\Windows\SysWow64\Robocopy.exe -> [2011/07/02 02:44:35 | 000,098,816 | ---- | C] (Microsoft)
 WSTPager.ax -> C:\Windows\SysNative\WSTPager.ax -> [2011/07/02 02:44:35 | 000,098,304 | ---- | C] (Microsoft Corporation)
 nci.dll -> C:\Windows\SysWow64\nci.dll -> [2011/07/02 02:44:35 | 000,078,848 | ---- | C] (Microsoft Corporation)
 rtutils.dll -> C:\Windows\SysNative\rtutils.dll -> [2011/07/02 02:44:35 | 000,052,224 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2011/07/02 02:44:35 | 000,044,544 | ---- | C] (Microsoft Corporation)
 wpccpl.dll -> C:\Windows\SysNative\wpccpl.dll -> [2011/07/02 02:44:34 | 000,812,032 | ---- | C] (Microsoft Corporation)
 ksproxy.ax -> C:\Windows\SysNative\ksproxy.ax -> [2011/07/02 02:44:34 | 000,250,880 | ---- | C] (Microsoft Corporation)
 DxpTaskSync.dll -> C:\Windows\SysWow64\DxpTaskSync.dll -> [2011/07/02 02:44:33 | 001,400,320 | ---- | C] (Microsoft Corporation)
 Display.dll -> C:\Windows\SysWow64\Display.dll -> [2011/07/02 02:44:33 | 001,040,384 | ---- | C] (Microsoft Corporation)
 prnfldr.dll -> C:\Windows\SysNative\prnfldr.dll -> [2011/07/02 02:44:33 | 000,416,256 | ---- | C] (Microsoft Corporation)
 puiobj.dll -> C:\Windows\SysWow64\puiobj.dll -> [2011/07/02 02:44:33 | 000,324,608 | ---- | C] (Microsoft Corporation)
 mtxclu.dll -> C:\Windows\SysWow64\mtxclu.dll -> [2011/07/02 02:44:33 | 000,320,512 | ---- | C] (Microsoft Corporation)
 dxdiagn.dll -> C:\Windows\SysNative\dxdiagn.dll -> [2011/07/02 02:44:33 | 000,279,552 | ---- | C] (Microsoft Corporation)
 taskmgr.exe -> C:\Windows\SysNative\taskmgr.exe -> [2011/07/02 02:44:33 | 000,257,024 | ---- | C] (Microsoft Corporation)
 taskmgr.exe -> C:\Windows\SysWow64\taskmgr.exe -> [2011/07/02 02:44:33 | 000,227,328 | ---- | C] (Microsoft Corporation)
 SndVolSSO.dll -> C:\Windows\SysNative\SndVolSSO.dll -> [2011/07/02 02:44:33 | 000,225,280 | ---- | C] (Microsoft Corporation)
 rasppp.dll -> C:\Windows\SysNative\rasppp.dll -> [2011/07/02 02:44:33 | 000,211,456 | ---- | C] (Microsoft Corporation)
 shdocvw.dll -> C:\Windows\SysNative\shdocvw.dll -> [2011/07/02 02:44:33 | 000,196,608 | ---- | C] (Microsoft Corporation)
 XpsRasterService.dll -> C:\Windows\SysWow64\XpsRasterService.dll -> [2011/07/02 02:44:33 | 000,135,168 | ---- | C] (Microsoft Corporation)
 hbaapi.dll -> C:\Windows\SysNative\hbaapi.dll -> [2011/07/02 02:44:33 | 000,078,848 | ---- | C] (Microsoft Corporation)
 dot3cfg.dll -> C:\Windows\SysNative\dot3cfg.dll -> [2011/07/02 02:44:33 | 000,069,120 | ---- | C] (Microsoft Corporation)
 termmgr.dll -> C:\Windows\SysWow64\termmgr.dll -> [2011/07/02 02:44:32 | 000,352,768 | ---- | C] (Microsoft Corporation)
 pdh.dll -> C:\Windows\SysNative\pdh.dll -> [2011/07/02 02:44:32 | 000,300,032 | ---- | C] (Microsoft Corporation)
 eudcedit.exe -> C:\Windows\SysWow64\eudcedit.exe -> [2011/07/02 02:44:32 | 000,288,256 | ---- | C] (Microsoft Corporation)
 MSAC3ENC.DLL -> C:\Windows\SysNative\MSAC3ENC.DLL -> [2011/07/02 02:44:32 | 000,268,288 | ---- | C] (Microsoft Corporation)
 ataport.sys -> C:\Windows\SysNative\drivers\ataport.sys -> [2011/07/02 02:44:32 | 000,155,520 | ---- | C] (Microsoft Corporation)
 WPDShServiceObj.dll -> C:\Windows\SysNative\WPDShServiceObj.dll -> [2011/07/02 02:44:32 | 000,115,200 | ---- | C] (Microsoft Corporation)
 proquota.exe -> C:\Windows\SysNative\proquota.exe -> [2011/07/02 02:44:32 | 000,031,744 | ---- | C] (Microsoft Corporation)
 accessibilitycpl.dll -> C:\Windows\SysNative\accessibilitycpl.dll -> [2011/07/02 02:44:31 | 003,745,792 | ---- | C] (Microsoft Corporation)
 SensorsCpl.dll -> C:\Windows\SysWow64\SensorsCpl.dll -> [2011/07/02 02:44:31 | 002,202,624 | ---- | C] (Microsoft Corporation)
 themecpl.dll -> C:\Windows\SysWow64\themecpl.dll -> [2011/07/02 02:44:31 | 002,157,568 | ---- | C] (Microsoft Corporation)
 FirewallControlPanel.dll -> C:\Windows\SysWow64\FirewallControlPanel.dll -> [2011/07/02 02:44:31 | 000,856,576 | ---- | C] (Microsoft Corporation)
 appwiz.cpl -> C:\Windows\SysWow64\appwiz.cpl -> [2011/07/02 02:44:31 | 000,649,216 | ---- | C] (Microsoft Corporation)
 wiadefui.dll -> C:\Windows\SysWow64\wiadefui.dll -> [2011/07/02 02:44:31 | 000,416,768 | ---- | C] (Microsoft Corporation)
 untfs.dll -> C:\Windows\SysNative\untfs.dll -> [2011/07/02 02:44:31 | 000,403,968 | ---- | C] (Microsoft Corporation)
 zipfldr.dll -> C:\Windows\SysNative\zipfldr.dll -> [2011/07/02 02:44:31 | 000,366,080 | ---- | C] (Microsoft Corporation)
 slui.exe -> C:\Windows\SysNative\slui.exe -> [2011/07/02 02:44:31 | 000,349,696 | ---- | C] (Microsoft Corporation)
 FWPUCLNT.DLL -> C:\Windows\SysWow64\FWPUCLNT.DLL -> [2011/07/02 02:44:31 | 000,216,576 | ---- | C] (Microsoft Corporation)
 sppcomapi.dll -> C:\Windows\SysWow64\sppcomapi.dll -> [2011/07/02 02:44:31 | 000,193,536 | ---- | C] (Microsoft Corporation)
 rasppp.dll -> C:\Windows\SysWow64\rasppp.dll -> [2011/07/02 02:44:31 | 000,176,640 | ---- | C] (Microsoft Corporation)
 rdpcorekmts.dll -> C:\Windows\SysNative\rdpcorekmts.dll -> [2011/07/02 02:44:31 | 000,149,504 | ---- | C] (Microsoft Corporation)
 cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2011/07/02 02:44:31 | 000,132,608 | ---- | C] (Microsoft Corporation)
 logoncli.dll -> C:\Windows\SysWow64\logoncli.dll -> [2011/07/02 02:44:31 | 000,127,488 | ---- | C] (Microsoft Corporation)
 shsetup.dll -> C:\Windows\SysWow64\shsetup.dll -> [2011/07/02 02:44:31 | 000,111,104 | ---- | C] (Microsoft Corporation)
 dnscmmc.dll -> C:\Windows\SysWow64\dnscmmc.dll -> [2011/07/02 02:44:31 | 000,109,056 | ---- | C] (Microsoft Corporation)
 PhotoScreensaver.scr -> C:\Windows\SysWow64\PhotoScreensaver.scr -> [2011/07/02 02:44:30 | 000,413,696 | ---- | C] (Microsoft Corporation)
 msieftp.dll -> C:\Windows\SysNative\msieftp.dll -> [2011/07/02 02:44:30 | 000,335,360 | ---- | C] (Microsoft Corporation)
 hgcpl.dll -> C:\Windows\SysWow64\hgcpl.dll -> [2011/07/02 02:44:30 | 000,312,832 | ---- | C] (Microsoft Corporation)
 defaultlocationcpl.dll -> C:\Windows\SysNative\defaultlocationcpl.dll -> [2011/07/02 02:44:30 | 000,233,984 | ---- | C] (Microsoft Corporation)
 Mpeg2Data.ax -> C:\Windows\SysNative\Mpeg2Data.ax -> [2011/07/02 02:44:30 | 000,104,960 | ---- | C] (Microsoft Corporation)
 networkmap.dll -> C:\Windows\SysNative\networkmap.dll -> [2011/07/02 02:44:29 | 002,146,816 | ---- | C] (Microsoft Corporation)
 cryptui.dll -> C:\Windows\SysNative\cryptui.dll -> [2011/07/02 02:44:29 | 001,065,984 | ---- | C] (Microsoft Corporation)
 fontext.dll -> C:\Windows\SysWow64\fontext.dll -> [2011/07/02 02:44:29 | 000,828,928 | ---- | C] (Microsoft Corporation)
 ActionCenter.dll -> C:\Windows\SysNative\ActionCenter.dll -> [2011/07/02 02:44:29 | 000,780,800 | ---- | C] (Microsoft Corporation)
 sud.dll -> C:\Windows\SysNative\sud.dll -> [2011/07/02 02:44:29 | 000,769,536 | ---- | C] (Microsoft Corporation)
 PerfCenterCPL.dll -> C:\Windows\SysWow64\PerfCenterCPL.dll -> [2011/07/02 02:44:29 | 000,600,576 | ---- | C] (Microsoft Corporation)
 usercpl.dll -> C:\Windows\SysWow64\usercpl.dll -> [2011/07/02 02:44:29 | 000,600,064 | ---- | C] (Microsoft Corporation)
 DeviceCenter.dll -> C:\Windows\SysNative\DeviceCenter.dll -> [2011/07/02 02:44:29 | 000,508,928 | ---- | C] (Microsoft Corporation)
 srcore.dll -> C:\Windows\SysNative\srcore.dll -> [2011/07/02 02:44:29 | 000,503,296 | ---- | C] (Microsoft Corporation)
 mscms.dll -> C:\Windows\SysWow64\mscms.dll -> [2011/07/02 02:44:29 | 000,481,792 | ---- | C] (Microsoft Corporation)
 localsec.dll -> C:\Windows\SysWow64\localsec.dll -> [2011/07/02 02:44:29 | 000,429,056 | ---- | C] (Microsoft Corporation)
 qdvd.dll -> C:\Windows\SysNative\qdvd.dll -> [2011/07/02 02:44:29 | 000,366,592 | ---- | C] (Microsoft Corporation)
 mprddm.dll -> C:\Windows\SysWow64\mprddm.dll -> [2011/07/02 02:44:29 | 000,268,800 | ---- | C] (Microsoft Corporation)
 taskbarcpl.dll -> C:\Windows\SysNative\taskbarcpl.dll -> [2011/07/02 02:44:29 | 000,243,712 | ---- | C] (Microsoft Corporation)
 OnLineIDCpl.dll -> C:\Windows\SysNative\OnLineIDCpl.dll -> [2011/07/02 02:44:29 | 000,221,696 | ---- | C] (Microsoft Corporation)
 SndVolSSO.dll -> C:\Windows\SysWow64\SndVolSSO.dll -> [2011/07/02 02:44:29 | 000,220,160 | ---- | C] (Microsoft Corporation)
 scecli.dll -> C:\Windows\SysWow64\scecli.dll -> [2011/07/02 02:44:29 | 000,175,616 | ---- | C] (Microsoft Corporation)
 twext.dll -> C:\Windows\SysNative\twext.dll -> [2011/07/02 02:44:29 | 000,172,544 | ---- | C] (Microsoft Corporation)
 psisrndr.ax -> C:\Windows\SysNative\psisrndr.ax -> [2011/07/02 02:44:29 | 000,108,032 | ---- | C] (Microsoft Corporation)
 mscories.dll -> C:\Windows\SysWow64\mscories.dll -> [2011/07/02 02:44:29 | 000,080,720 | ---- | C] (Microsoft Corporation)
 netcenter.dll -> C:\Windows\SysWow64\netcenter.dll -> [2011/07/02 02:44:28 | 001,644,032 | ---- | C] (Microsoft Corporation)
 OobeFldr.dll -> C:\Windows\SysNative\OobeFldr.dll -> [2011/07/02 02:44:28 | 000,898,560 | ---- | C] (Microsoft Corporation)
 batmeter.dll -> C:\Windows\SysWow64\batmeter.dll -> [2011/07/02 02:44:28 | 000,740,864 | ---- | C] (Microsoft Corporation)
 VAN.dll -> C:\Windows\SysWow64\VAN.dll -> [2011/07/02 02:44:28 | 000,638,976 | ---- | C] (Microsoft Corporation)
 qdvd.dll -> C:\Windows\SysWow64\qdvd.dll -> [2011/07/02 02:44:28 | 000,514,560 | ---- | C] (Microsoft Corporation)
 qedit.dll -> C:\Windows\SysWow64\qedit.dll -> [2011/07/02 02:44:28 | 000,509,440 | ---- | C] (Microsoft Corporation)
 wlanui.dll -> C:\Windows\SysWow64\wlanui.dll -> [2011/07/02 02:44:28 | 000,410,112 | ---- | C] (Microsoft Corporation)
 intl.cpl -> C:\Windows\SysNative\intl.cpl -> [2011/07/02 02:44:28 | 000,373,248 | ---- | C] (Microsoft Corporation)
 bcdedit.exe -> C:\Windows\SysNative\bcdedit.exe -> [2011/07/02 02:44:28 | 000,346,112 | ---- | C] (Microsoft Corporation)
 SndVol.exe -> C:\Windows\SysWow64\SndVol.exe -> [2011/07/02 02:44:28 | 000,314,368 | ---- | C] (Microsoft Corporation)
 uxlib.dll -> C:\Windows\SysNative\uxlib.dll -> [2011/07/02 02:44:28 | 000,154,624 | ---- | C] (Microsoft Corporation)
 recovery.dll -> C:\Windows\SysNative\recovery.dll -> [2011/07/02 02:44:28 | 000,146,944 | ---- | C] (Microsoft Corporation)
 prntvpt.dll -> C:\Windows\SysWow64\prntvpt.dll -> [2011/07/02 02:44:28 | 000,120,320 | ---- | C] (Microsoft Corporation)
 rdpwsx.dll -> C:\Windows\SysNative\rdpwsx.dll -> [2011/07/02 02:44:28 | 000,077,312 | ---- | C] (Microsoft Corporation)
 w32tm.exe -> C:\Windows\SysWow64\w32tm.exe -> [2011/07/02 02:44:28 | 000,066,048 | ---- | C] (Microsoft Corporation)
 accessibilitycpl.dll -> C:\Windows\SysWow64\accessibilitycpl.dll -> [2011/07/02 02:44:27 | 003,727,872 | ---- | C] (Microsoft Corporation)
 cryptui.dll -> C:\Windows\SysWow64\cryptui.dll -> [2011/07/02 02:44:27 | 001,003,520 | ---- | C] (Microsoft Corporation)
 sdcpl.dll -> C:\Windows\SysNative\sdcpl.dll -> [2011/07/02 02:44:27 | 000,762,368 | ---- | C] (Microsoft Corporation)
 bthprops.cpl -> C:\Windows\SysNative\bthprops.cpl -> [2011/07/02 02:44:27 | 000,721,408 | ---- | C] (Microsoft Corporation)
 dsuiext.dll -> C:\Windows\SysNative\dsuiext.dll -> [2011/07/02 02:44:27 | 000,701,440 | ---- | C] (Microsoft Corporation)
 main.cpl -> C:\Windows\SysWow64\main.cpl -> [2011/07/02 02:44:27 | 000,516,096 | ---- | C] (Microsoft Corporation)
 azroleui.dll -> C:\Windows\SysNative\azroleui.dll -> [2011/07/02 02:44:27 | 000,472,064 | ---- | C] (Microsoft Corporation)
 shwebsvc.dll -> C:\Windows\SysNative\shwebsvc.dll -> [2011/07/02 02:44:27 | 000,451,072 | ---- | C] (Microsoft Corporation)
 systemcpl.dll -> C:\Windows\SysNative\systemcpl.dll -> [2011/07/02 02:44:27 | 000,419,840 | ---- | C] (Microsoft Corporation)
 spwizeng.dll -> C:\Windows\SysWow64\spwizeng.dll -> [2011/07/02 02:44:27 | 000,352,768 | ---- | C] (Microsoft Corporation)
 MediaMetadataHandler.dll -> C:\Windows\SysNative\MediaMetadataHandler.dll -> [2011/07/02 02:44:27 | 000,345,600 | ---- | C] (Microsoft Corporation)
 zipfldr.dll -> C:\Windows\SysWow64\zipfldr.dll -> [2011/07/02 02:44:27 | 000,327,680 | ---- | C] (Microsoft Corporation)
 azroleui.dll -> C:\Windows\SysWow64\azroleui.dll -> [2011/07/02 02:44:27 | 000,314,368 | ---- | C] (Microsoft Corporation)
 efscore.dll -> C:\Windows\SysNative\efscore.dll -> [2011/07/02 02:44:27 | 000,304,128 | ---- | C] (Microsoft Corporation)
 recdisc.exe -> C:\Windows\SysNative\recdisc.exe -> [2011/07/02 02:44:27 | 000,238,080 | ---- | C] (Microsoft Corporation)
 MSAC3ENC.DLL -> C:\Windows\SysWow64\MSAC3ENC.DLL -> [2011/07/02 02:44:27 | 000,226,304 | ---- | C] (Microsoft Corporation)
 syncui.dll -> C:\Windows\SysNative\syncui.dll -> [2011/07/02 02:44:27 | 000,200,192 | ---- | C] (Microsoft Corporation)
 VBICodec.ax -> C:\Windows\SysNative\VBICodec.ax -> [2011/07/02 02:44:27 | 000,196,096 | ---- | C] (Microsoft Corporation)
 netplwiz.dll -> C:\Windows\SysNative\netplwiz.dll -> [2011/07/02 02:44:27 | 000,193,024 | ---- | C] (Microsoft Corporation)
 autoplay.dll -> C:\Windows\SysNative\autoplay.dll -> [2011/07/02 02:44:27 | 000,155,136 | ---- | C] (Microsoft Corporation)
 cca.dll -> C:\Windows\SysNative\cca.dll -> [2011/07/02 02:44:27 | 000,095,232 | ---- | C] (Microsoft Corporation)
 isoburn.exe -> C:\Windows\SysNative\isoburn.exe -> [2011/07/02 02:44:27 | 000,091,648 | ---- | C] (Microsoft Corporation)
 fdeploy.dll -> C:\Windows\SysWow64\fdeploy.dll -> [2011/07/02 02:44:27 | 000,059,904 | ---- | C] (Microsoft Corporation)
 tzutil.exe -> C:\Windows\SysNative\tzutil.exe -> [2011/07/02 02:44:27 | 000,058,368 | ---- | C] (Microsoft Corporation)
 httpapi.dll -> C:\Windows\SysNative\httpapi.dll -> [2011/07/02 02:44:27 | 000,045,056 | ---- | C] (Microsoft Corporation)
 sisbkup.dll -> C:\Windows\SysNative\sisbkup.dll -> [2011/07/02 02:44:27 | 000,024,064 | ---- | C] (Microsoft Corporation)
 certcli.dll -> C:\Windows\SysNative\certcli.dll -> [2011/07/02 02:44:26 | 000,460,800 | ---- | C] (Microsoft Corporation)
 sysclass.dll -> C:\Windows\SysNative\sysclass.dll -> [2011/07/02 02:44:26 | 000,207,360 | ---- | C] (Microsoft Corporation)
 adsldp.dll -> C:\Windows\SysWow64\adsldp.dll -> [2011/07/02 02:44:26 | 000,186,880 | ---- | C] (Microsoft Corporation)
 netjoin.dll -> C:\Windows\SysWow64\netjoin.dll -> [2011/07/02 02:44:26 | 000,161,792 | ---- | C] (Microsoft Corporation)
 ncryptui.dll -> C:\Windows\SysNative\ncryptui.dll -> [2011/07/02 02:44:26 | 000,066,048 | ---- | C] (Microsoft Corporation)
 sspisrv.dll -> C:\Windows\SysNative\sspisrv.dll -> [2011/07/02 02:44:26 | 000,029,184 | ---- | C] (Microsoft Corporation)
 networkmap.dll -> C:\Windows\SysWow64\networkmap.dll -> [2011/07/02 02:44:25 | 002,130,944 | ---- | C] (Microsoft Corporation)
 sud.dll -> C:\Windows\SysWow64\sud.dll -> [2011/07/02 02:44:25 | 000,755,200 | ---- | C] (Microsoft Corporation)
 ActionCenter.dll -> C:\Windows\SysWow64\ActionCenter.dll -> [2011/07/02 02:44:25 | 000,744,448 | ---- | C] (Microsoft Corporation)
 ActionCenterCPL.dll -> C:\Windows\SysNative\ActionCenterCPL.dll -> [2011/07/02 02:44:25 | 000,549,888 | ---- | C] (Microsoft Corporation)
 sysmon.ocx -> C:\Windows\SysNative\sysmon.ocx -> [2011/07/02 02:44:25 | 000,474,112 | ---- | C] (Microsoft Corporation)
 spwizeng.dll -> C:\Windows\SysNative\spwizeng.dll -> [2011/07/02 02:44:25 | 000,445,952 | ---- | C] (Microsoft Corporation)
 termmgr.dll -> C:\Windows\SysNative\termmgr.dll -> [2011/07/02 02:44:25 | 000,421,888 | ---- | C] (Microsoft Corporation)
 wlanmsm.dll -> C:\Windows\SysNative\wlanmsm.dll -> [2011/07/02 02:44:25 | 000,414,720 | ---- | C] (Microsoft Corporation)
 prnfldr.dll -> C:\Windows\SysWow64\prnfldr.dll -> [2011/07/02 02:44:25 | 000,395,264 | ---- | C] (Microsoft Corporation)
 sysmon.ocx -> C:\Windows\SysWow64\sysmon.ocx -> [2011/07/02 02:44:25 | 000,389,632 | ---- | C] (Microsoft Corporation)
 Faultrep.dll -> C:\Windows\SysWow64\Faultrep.dll -> [2011/07/02 02:44:25 | 000,320,512 | ---- | C] (Microsoft Corporation)
 wusa.exe -> C:\Windows\SysWow64\wusa.exe -> [2011/07/02 02:44:25 | 000,314,880 | ---- | C] (Microsoft Corporation)
 MCEWMDRMNDBootstrap.dll -> C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll -> [2011/07/02 02:44:25 | 000,312,168 | ---- | C] (Microsoft Corporation)
 msieftp.dll -> C:\Windows\SysWow64\msieftp.dll -> [2011/07/02 02:44:25 | 000,301,568 | ---- | C] (Microsoft Corporation)
 photowiz.dll -> C:\Windows\SysWow64\photowiz.dll -> [2011/07/02 02:44:25 | 000,295,424 | ---- | C] (Microsoft Corporation)
 MediaMetadataHandler.dll -> C:\Windows\SysWow64\MediaMetadataHandler.dll -> [2011/07/02 02:44:25 | 000,266,752 | ---- | C] (Microsoft Corporation)
 MFPlay.dll -> C:\Windows\SysNative\MFPlay.dll -> [2011/07/02 02:44:25 | 000,240,640 | ---- | C] (Microsoft Corporation)
 OnLineIDCpl.dll -> C:\Windows\SysWow64\OnLineIDCpl.dll -> [2011/07/02 02:44:25 | 000,218,112 | ---- | C] (Microsoft Corporation)
 vdsutil.dll -> C:\Windows\SysNative\vdsutil.dll -> [2011/07/02 02:44:25 | 000,185,856 | ---- | C] (Microsoft Corporation)
 AuxiliaryDisplayServices.dll -> C:\Windows\SysNative\AuxiliaryDisplayServices.dll -> [2011/07/02 02:44:25 | 000,135,680 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2011/07/02 02:44:25 | 000,097,280 | ---- | C] (Microsoft Corporation)
 ksxbar.ax -> C:\Windows\SysNative\ksxbar.ax -> [2011/07/02 02:44:25 | 000,066,048 | ---- | C] (Microsoft Corporation)
 bthprops.cpl -> C:\Windows\SysWow64\bthprops.cpl -> [2011/07/02 02:44:24 | 000,692,736 | ---- | C] (Microsoft Corporation)
 msscp.dll -> C:\Windows\SysNative\msscp.dll -> [2011/07/02 02:44:24 | 000,641,024 | ---- | C] (Microsoft Corporation)
 sqlcese30.dll -> C:\Windows\SysNative\sqlcese30.dll -> [2011/07/02 02:44:24 | 000,446,976 | ---- | C] (Microsoft Corporation)
 shwebsvc.dll -> C:\Windows\SysWow64\shwebsvc.dll -> [2011/07/02 02:44:24 | 000,428,544 | ---- | C] (Microsoft Corporation)
 intl.cpl -> C:\Windows\SysWow64\intl.cpl -> [2011/07/02 02:44:24 | 000,345,088 | ---- | C] (Microsoft Corporation)
 ReAgent.dll -> C:\Windows\SysNative\ReAgent.dll -> [2011/07/02 02:44:24 | 000,313,856 | ---- | C] (Microsoft Corporation)
 rstrui.exe -> C:\Windows\SysNative\rstrui.exe -> [2011/07/02 02:44:24 | 000,296,960 | ---- | C] (Microsoft Corporation)
 iprtrmgr.dll -> C:\Windows\SysNative\iprtrmgr.dll -> [2011/07/02 02:44:24 | 000,281,088 | ---- | C] (Microsoft Corporation)
 sethc.exe -> C:\Windows\SysNative\sethc.exe -> [2011/07/02 02:44:24 | 000,279,040 | ---- | C] (Microsoft Corporation)
 iprtrmgr.dll -> C:\Windows\SysWow64\iprtrmgr.dll -> [2011/07/02 02:44:24 | 000,271,360 | ---- | C] (Microsoft Corporation)
 defaultlocationcpl.dll -> C:\Windows\SysWow64\defaultlocationcpl.dll -> [2011/07/02 02:44:24 | 000,220,672 | ---- | C] (Microsoft Corporation)
 efscore.dll -> C:\Windows\SysWow64\efscore.dll -> [2011/07/02 02:44:24 | 000,205,312 | ---- | C] (Microsoft Corporation)
 SmartcardCredentialProvider.dll -> C:\Windows\SysNative\SmartcardCredentialProvider.dll -> [2011/07/02 02:44:24 | 000,189,952 | ---- | C] (Microsoft Corporation)
 odbccp32.dll -> C:\Windows\SysNative\odbccp32.dll -> [2011/07/02 02:44:24 | 000,163,840 | ---- | C] (Microsoft Corporation)
 ifsutil.dll -> C:\Windows\SysWow64\ifsutil.dll -> [2011/07/02 02:44:24 | 000,148,992 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2011/07/02 02:44:24 | 000,139,264 | ---- | C] (Microsoft Corporation)
 ntlanman.dll -> C:\Windows\SysNative\ntlanman.dll -> [2011/07/02 02:44:24 | 000,129,536 | ---- | C] (Microsoft Corporation)
 dot3cfg.dll -> C:\Windows\SysWow64\dot3cfg.dll -> [2011/07/02 02:44:24 | 000,082,432 | ---- | C] (Microsoft Corporation)
 rdpd3d.dll -> C:\Windows\SysNative\rdpd3d.dll -> [2011/07/02 02:44:24 | 000,068,096 | ---- | C] (Microsoft Corporation)
 wwanprotdim.dll -> C:\Windows\SysNative\wwanprotdim.dll -> [2011/07/02 02:44:24 | 000,048,640 | ---- | C] (Microsoft Corporation)
 tsgqec.dll -> C:\Windows\SysNative\tsgqec.dll -> [2011/07/02 02:44:24 | 000,044,032 | ---- | C] (Microsoft Corporation)
 ftp.exe -> C:\Windows\SysWow64\ftp.exe -> [2011/07/02 02:44:24 | 000,042,496 | ---- | C] (Microsoft Corporation)
 sisbkup.dll -> C:\Windows\SysWow64\sisbkup.dll -> [2011/07/02 02:44:24 | 000,019,456 | ---- | C] (Microsoft Corporation)
 OobeFldr.dll -> C:\Windows\SysWow64\OobeFldr.dll -> [2011/07/02 02:44:23 | 000,859,648 | ---- | C] (Microsoft Corporation)
 wmdrmsdk.dll -> C:\Windows\SysNative\wmdrmsdk.dll -> [2011/07/02 02:44:23 | 000,781,312 | ---- | C] (Microsoft Corporation)
 wmpmde.dll -> C:\Windows\SysWow64\wmpmde.dll -> [2011/07/02 02:44:23 | 000,738,816 | ---- | C] (Microsoft Corporation)
 ActionCenterCPL.dll -> C:\Windows\SysWow64\ActionCenterCPL.dll -> [2011/07/02 02:44:23 | 000,537,600 | ---- | C] (Microsoft Corporation)
 drmmgrtn.dll -> C:\Windows\SysNative\drmmgrtn.dll -> [2011/07/02 02:44:23 | 000,495,104 | ---- | C] (Microsoft Corporation)
 DeviceCenter.dll -> C:\Windows\SysWow64\DeviceCenter.dll -> [2011/07/02 02:44:23 | 000,484,864 | ---- | C] (Microsoft Corporation)
 systemcpl.dll -> C:\Windows\SysWow64\systemcpl.dll -> [2011/07/02 02:44:23 | 000,410,624 | ---- | C] (Microsoft Corporation)
 ntprint.dll -> C:\Windows\SysNative\ntprint.dll -> [2011/07/02 02:44:23 | 000,344,576 | ---- | C] (Microsoft Corporation)
 ssText3d.scr -> C:\Windows\SysNative\ssText3d.scr -> [2011/07/02 02:44:23 | 000,333,824 | ---- | C] (Microsoft Corporation)
 unimdm.tsp -> C:\Windows\SysNative\unimdm.tsp -> [2011/07/02 02:44:23 | 000,321,536 | ---- | C] (Microsoft Corporation)
 odbcjt32.dll -> C:\Windows\SysWow64\odbcjt32.dll -> [2011/07/02 02:44:23 | 000,319,488 | ---- | C] (Microsoft Corporation)
 ntprint.dll -> C:\Windows\SysWow64\ntprint.dll -> [2011/07/02 02:44:23 | 000,297,472 | ---- | C] (Microsoft Corporation)
 iTVData.dll -> C:\Windows\SysNative\iTVData.dll -> [2011/07/02 02:44:23 | 000,282,624 | ---- | C] (Microsoft Corporation)
 wavemsp.dll -> C:\Windows\SysNative\wavemsp.dll -> [2011/07/02 02:44:23 | 000,255,488 | ---- | C] (Microsoft Corporation)
 DevicePairingFolder.dll -> C:\Windows\SysNative\DevicePairingFolder.dll -> [2011/07/02 02:44:23 | 000,225,280 | ---- | C] (Microsoft Corporation)
 odbctrac.dll -> C:\Windows\SysNative\odbctrac.dll -> [2011/07/02 02:44:23 | 000,212,992 | ---- | C] (Microsoft Corporation)
 dskquoui.dll -> C:\Windows\SysWow64\dskquoui.dll -> [2011/07/02 02:44:23 | 000,196,608 | ---- | C] (Microsoft Corporation)
 powercfg.cpl -> C:\Windows\SysNative\powercfg.cpl -> [2011/07/02 02:44:23 | 000,173,568 | ---- | C] (Microsoft Corporation)
 syncui.dll -> C:\Windows\SysWow64\syncui.dll -> [2011/07/02 02:44:23 | 000,159,232 | ---- | C] (Microsoft Corporation)
 SmartcardCredentialProvider.dll -> C:\Windows\SysWow64\SmartcardCredentialProvider.dll -> [2011/07/02 02:44:23 | 000,152,064 | ---- | C] (Microsoft Corporation)
 autoplay.dll -> C:\Windows\SysWow64\autoplay.dll -> [2011/07/02 02:44:23 | 000,146,944 | ---- | C] (Microsoft Corporation)
 NAPHLPR.DLL -> C:\Windows\SysNative\NAPHLPR.DLL -> [2011/07/02 02:44:23 | 000,133,632 | ---- | C] (Microsoft Corporation)
 srvcli.dll -> C:\Windows\SysNative\srvcli.dll -> [2011/07/02 02:44:23 | 000,128,000 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2011/07/02 02:44:23 | 000,114,688 | ---- | C] (Microsoft Corporation)
 nslookup.exe -> C:\Windows\SysNative\nslookup.exe -> [2011/07/02 02:44:23 | 000,109,568 | ---- | C] (Microsoft Corporation)
 UserAccountControlSettings.dll -> C:\Windows\SysNative\UserAccountControlSettings.dll -> [2011/07/02 02:44:23 | 000,084,480 | ---- | C] (Microsoft Corporation)
 ntlanman.dll -> C:\Windows\SysWow64\ntlanman.dll -> [2011/07/02 02:44:23 | 000,069,120 | ---- | C] (Microsoft Corporation)
 WSTPager.ax -> C:\Windows\SysWow64\WSTPager.ax -> [2011/07/02 02:44:23 | 000,068,608 | ---- | C] (Microsoft Corporation)
 acppage.dll -> C:\Windows\SysNative\acppage.dll -> [2011/07/02 02:44:23 | 000,053,248 | ---- | C] (Microsoft Corporation)
 rtutils.dll -> C:\Windows\SysWow64\rtutils.dll -> [2011/07/02 02:44:23 | 000,037,376 | ---- | C] (Microsoft Corporation)
 secur32.dll -> C:\Windows\SysNative\secur32.dll -> [2011/07/02 02:44:23 | 000,028,160 | ---- | C] (Microsoft Corporation)
 slwga.dll -> C:\Windows\SysNative\slwga.dll -> [2011/07/02 02:44:23 | 000,015,360 | ---- | C] (Microsoft Corporation)
 networkexplorer.dll -> C:\Windows\SysNative\networkexplorer.dll -> [2011/07/02 02:44:22 | 001,672,704 | ---- | C] (Microsoft Corporation)
 blackbox.dll -> C:\Windows\SysWow64\blackbox.dll -> [2011/07/02 02:44:22 | 000,743,424 | ---- | C] (Microsoft Corporation)
 nshwfp.dll -> C:\Windows\SysWow64\nshwfp.dll -> [2011/07/02 02:44:22 | 000,656,384 | ---- | C] (Microsoft Corporation)
 riched20.dll -> C:\Windows\SysWow64\riched20.dll -> [2011/07/02 02:44:22 | 000,473,600 | ---- | C] (Microsoft Corporation)
 srrstr.dll -> C:\Windows\SysNative\srrstr.dll -> [2011/07/02 02:44:22 | 000,270,848 | ---- | C] (Microsoft Corporation)
 sethc.exe -> C:\Windows\SysWow64\sethc.exe -> [2011/07/02 02:44:22 | 000,270,336 | ---- | C] (Microsoft Corporation)
 fsquirt.exe -> C:\Windows\SysNative\fsquirt.exe -> [2011/07/02 02:44:22 | 000,229,376 | ---- | C] (Microsoft Corporation)
 activeds.dll -> C:\Windows\SysWow64\activeds.dll -> [2011/07/02 02:44:22 | 000,202,752 | ---- | C] (Microsoft Corporation)
 ksproxy.ax -> C:\Windows\SysWow64\ksproxy.ax -> [2011/07/02 02:44:22 | 000,193,536 | ---- | C] (Microsoft Corporation)
 wmpsrcwp.dll -> C:\Windows\SysWow64\wmpsrcwp.dll -> [2011/07/02 02:44:22 | 000,182,272 | ---- | C] (Microsoft Corporation)
 netplwiz.dll -> C:\Windows\SysWow64\netplwiz.dll -> [2011/07/02 02:44:22 | 000,175,616 | ---- | C] (Microsoft Corporation)
 bcdboot.exe -> C:\Windows\SysNative\bcdboot.exe -> [2011/07/02 02:44:22 | 000,175,616 | ---- | C] (Microsoft Corporation)
 NAPHLPR.DLL -> C:\Windows\SysWow64\NAPHLPR.DLL -> [2011/07/02 02:44:22 | 000,107,008 | ---- | C] (Microsoft Corporation)
 sppnp.dll -> C:\Windows\SysNative\sppnp.dll -> [2011/07/02 02:44:22 | 000,102,400 | ---- | C] (Microsoft Corporation)
 migisol.dll -> C:\Windows\SysWow64\migisol.dll -> [2011/07/02 02:44:22 | 000,101,888 | ---- | C] (Microsoft Corporation)
 cabinet.dll -> C:\Windows\SysNative\cabinet.dll -> [2011/07/02 02:44:22 | 000,094,720 | ---- | C] (Microsoft Corporation)
 fms.dll -> C:\Windows\SysWow64\fms.dll -> [2011/07/02 02:44:22 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider)
 cdosys.dll -> C:\Windows\SysNative\cdosys.dll -> [2011/07/02 02:44:21 | 001,133,568 | ---- | C] (Microsoft Corporation)
 blackbox.dll -> C:\Windows\SysNative\blackbox.dll -> [2011/07/02 02:44:21 | 000,840,192 | ---- | C] (Microsoft Corporation)
 cdosys.dll -> C:\Windows\SysWow64\cdosys.dll -> [2011/07/02 02:44:21 | 000,805,376 | ---- | C] (Microsoft Corporation)
 dsuiext.dll -> C:\Windows\SysWow64\dsuiext.dll -> [2011/07/02 02:44:21 | 000,685,056 | ---- | C] (Microsoft Corporation)
 dfrgui.exe -> C:\Windows\SysNative\dfrgui.exe -> [2011/07/02 02:44:21 | 000,606,208 | ---- | C] (Microsoft Corporation)
 wvc.dll -> C:\Windows\SysNative\wvc.dll -> [2011/07/02 02:44:21 | 000,594,432 | ---- | C] (Microsoft Corporation)
 msftedit.dll -> C:\Windows\SysWow64\msftedit.dll -> [2011/07/02 02:44:21 | 000,592,384 | ---- | C] (Microsoft Corporation)
 dfrgui.exe -> C:\Windows\SysWow64\dfrgui.exe -> [2011/07/02 02:44:21 | 000,586,752 | ---- | C] (Microsoft Corporation)
 wlanmsm.dll -> C:\Windows\SysWow64\wlanmsm.dll -> [2011/07/02 02:44:21 | 000,428,032 | ---- | C] (Microsoft Corporation)
 wmpdxm.dll -> C:\Windows\SysNative\wmpdxm.dll -> [2011/07/02 02:44:21 | 000,358,400 | ---- | C] (Microsoft Corporation)
 nshipsec.dll -> C:\Windows\SysWow64\nshipsec.dll -> [2011/07/02 02:44:21 | 000,346,112 | ---- | C] (Microsoft Corporation)
 dot3ui.dll -> C:\Windows\SysWow64\dot3ui.dll -> [2011/07/02 02:44:21 | 000,333,824 | ---- | C] (Microsoft Corporation)
 wsqmcons.exe -> C:\Windows\SysNative\wsqmcons.exe -> [2011/07/02 02:44:21 | 000,293,888 | ---- | C] (Microsoft Corporation)
 ReAgent.dll -> C:\Windows\SysWow64\ReAgent.dll -> [2011/07/02 02:44:21 | 000,247,808 | ---- | C] (Microsoft Corporation)
 wavemsp.dll -> C:\Windows\SysWow64\wavemsp.dll -> [2011/07/02 02:44:21 | 000,222,208 | ---- | C] (Microsoft Corporation)
 WinSCard.dll -> C:\Windows\SysNative\WinSCard.dll -> [2011/07/02 02:44:21 | 000,217,600 | ---- | C] (Microsoft Corporation)
 wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2011/07/02 02:44:21 | 000,178,688 | ---- | C] (Microsoft Corporation)
 wuwebv.dll -> C:\Windows\SysWow64\wuwebv.dll -> [2011/07/02 02:44:21 | 000,164,352 | ---- | C] (Microsoft Corporation)
 remotepg.dll -> C:\Windows\SysNative\remotepg.dll -> [2011/07/02 02:44:21 | 000,153,088 | ---- | C] (Microsoft Corporation)
 net1.exe -> C:\Windows\SysNative\net1.exe -> [2011/07/02 02:44:21 | 000,152,064 | ---- | C] (Microsoft Corporation)
 kstvtune.ax -> C:\Windows\SysNative\kstvtune.ax -> [2011/07/02 02:44:21 | 000,102,912 | ---- | C] (Microsoft Corporation)
 isoburn.exe -> C:\Windows\SysWow64\isoburn.exe -> [2011/07/02 02:44:21 | 000,086,528 | ---- | C] (Microsoft Corporation)
 wkscli.dll -> C:\Windows\SysNative\wkscli.dll -> [2011/07/02 02:44:21 | 000,071,680 | ---- | C] (Microsoft Corporation)
 wsnmp32.dll -> C:\Windows\SysNative\wsnmp32.dll -> [2011/07/02 02:44:21 | 000,067,072 | ---- | C] (Microsoft Corporation)
 ftp.exe -> C:\Windows\SysNative\ftp.exe -> [2011/07/02 02:44:21 | 000,048,128 | ---- | C] (Microsoft Corporation)
 tzutil.exe -> C:\Windows\SysWow64\tzutil.exe -> [2011/07/02 02:44:21 | 000,047,616 | ---- | C] (Microsoft Corporation)
 httpapi.dll -> C:\Windows\SysWow64\httpapi.dll -> [2011/07/02 02:44:21 | 000,034,816 | ---- | C] (Microsoft Corporation)
 wmdrmdev.dll -> C:\Windows\SysNative\wmdrmdev.dll -> [2011/07/02 02:44:20 | 000,636,416 | ---- | C] (Microsoft Corporation)
 wvc.dll -> C:\Windows\SysWow64\wvc.dll -> [2011/07/02 02:44:20 | 000,444,928 | ---- | C] (Microsoft Corporation)
 wimgapi.dll -> C:\Windows\SysWow64\wimgapi.dll -> [2011/07/02 02:44:20 | 000,406,528 | ---- | C] (Microsoft Corporation)
 mfps.dll -> C:\Windows\SysNative\mfps.dll -> [2011/07/02 02:44:20 | 000,206,848 | ---- | C] (Microsoft Corporation)
 ocsetup.exe -> C:\Windows\SysWow64\ocsetup.exe -> [2011/07/02 02:44:20 | 000,197,632 | ---- | C] (Microsoft Corporation)
 wtsapi32.dll -> C:\Windows\SysWow64\wtsapi32.dll -> [2011/07/02 02:44:20 | 000,040,448 | ---- | C] (Microsoft Corporation)
 WerFaultSecure.exe -> C:\Windows\SysNative\WerFaultSecure.exe -> [2011/07/02 02:44:20 | 000,026,112 | ---- | C] (Microsoft Corporation)
 OpcServices.dll -> C:\Windows\SysNative\OpcServices.dll -> [2011/07/02 02:44:19 | 001,911,808 | ---- | C] (Microsoft Corporation)
 Bubbles.scr -> C:\Windows\SysNative\Bubbles.scr -> [2011/07/02 02:44:19 | 000,899,584 | ---- | C] (Microsoft Corporation)
 main.cpl -> C:\Windows\SysNative\main.cpl -> [2011/07/02 02:44:19 | 000,497,664 | ---- | C] (Microsoft Corporation)
 diskraid.exe -> C:\Windows\SysNative\diskraid.exe -> [2011/07/02 02:44:19 | 000,363,520 | ---- | C] (Microsoft Corporation)
 ssText3d.scr -> C:\Windows\SysWow64\ssText3d.scr -> [2011/07/02 02:44:19 | 000,293,888 | ---- | C] (Microsoft Corporation)
 unimdm.tsp -> C:\Windows\SysWow64\unimdm.tsp -> [2011/07/02 02:44:19 | 000,281,088 | ---- | C] (Microsoft Corporation)
 dxgmms1.sys -> C:\Windows\SysNative\drivers\dxgmms1.sys -> [2011/07/02 02:44:19 | 000,258,048 | ---- | C] (Microsoft Corporation)
 Mystify.scr -> C:\Windows\SysNative\Mystify.scr -> [2011/07/02 02:44:19 | 000,242,688 | ---- | C] (Microsoft Corporation)
 Ribbons.scr -> C:\Windows\SysNative\Ribbons.scr -> [2011/07/02 02:44:19 | 000,241,664 | ---- | C] (Microsoft Corporation)
 mstask.dll -> C:\Windows\SysWow64\mstask.dll -> [2011/07/02 02:44:19 | 000,209,920 | ---- | C] (Microsoft Corporation)
 qasf.dll -> C:\Windows\SysWow64\qasf.dll -> [2011/07/02 02:44:19 | 000,206,848 | ---- | C] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2011/07/02 02:44:19 | 000,195,072 | ---- | C] (Microsoft Corporation)
 qcap.dll -> C:\Windows\SysWow64\qcap.dll -> [2011/07/02 02:44:19 | 000,190,976 | ---- | C] (Microsoft Corporation)
 WUDFPlatform.dll -> C:\Windows\SysNative\WUDFPlatform.dll -> [2011/07/02 02:44:19 | 000,182,784 | ---- | C] (Microsoft Corporation)
 ifsutil.dll -> C:\Windows\SysNative\ifsutil.dll -> [2011/07/02 02:44:19 | 000,180,736 | ---- | C] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysWow64\occache.dll -> [2011/07/02 02:44:19 | 000,153,088 | ---- | C] (Microsoft Corporation)
 twext.dll -> C:\Windows\SysWow64\twext.dll -> [2011/07/02 02:44:19 | 000,146,432 | ---- | C] (Microsoft Corporation)
 msvfw32.dll -> C:\Windows\SysWow64\msvfw32.dll -> [2011/07/02 02:44:19 | 000,120,320 | ---- | C] (Microsoft Corporation)
 uxlib.dll -> C:\Windows\SysWow64\uxlib.dll -> [2011/07/02 02:44:19 | 000,118,784 | ---- | C] (Microsoft Corporation)
 setupugc.exe -> C:\Windows\SysWow64\setupugc.exe -> [2011/07/02 02:44:19 | 000,113,152 | ---- | C] (Microsoft Corporation)
 mapistub.dll -> C:\Windows\SysNative\mapistub.dll -> [2011/07/02 02:44:19 | 000,091,648 | ---- | C] (Microsoft Corporation)
 mapi32.dll -> C:\Windows\SysNative\mapi32.dll -> [2011/07/02 02:44:19 | 000,091,648 | ---- | C] (Microsoft Corporation)
 unimdmat.dll -> C:\Windows\SysNative\unimdmat.dll -> [2011/07/02 02:44:19 | 000,073,216 | ---- | C] (Microsoft Corporation)
 twain_32.dll -> C:\Windows\twain_32.dll -> [2011/07/02 02:44:19 | 000,051,200 | ---- | C] (Twain Working Group)
 iscsium.dll -> C:\Windows\SysNative\iscsium.dll -> [2011/07/02 02:44:19 | 000,037,376 | ---- | C] (Microsoft Corporation)
 slwga.dll -> C:\Windows\SysWow64\slwga.dll -> [2011/07/02 02:44:19 | 000,014,336 | ---- | C] (Microsoft Corporation)
 TsUsbRedirectionGroupPolicyControl.exe -> C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe -> [2011/07/02 02:44:19 | 000,008,192 | ---- | C] (Microsoft Corporation)
 wmdrmsdk.dll -> C:\Windows\SysWow64\wmdrmsdk.dll -> [2011/07/02 02:44:18 | 000,616,960 | ---- | C] (Microsoft Corporation)
 d3d10level9.dll -> C:\Windows\SysNative\d3d10level9.dll -> [2011/07/02 02:44:18 | 000,573,952 | ---- | C] (Microsoft Corporation)
 msscp.dll -> C:\Windows\SysWow64\msscp.dll -> [2011/07/02 02:44:18 | 000,504,320 | ---- | C] (Microsoft Corporation)
 WindowsAnytimeUpgradeResults.exe -> C:\Windows\SysNative\WindowsAnytimeUpgradeResults.exe -> [2011/07/02 02:44:18 | 000,294,912 | ---- | C] (Microsoft Corporation)
 audiodev.dll -> C:\Windows\SysWow64\audiodev.dll -> [2011/07/02 02:44:18 | 000,243,712 | ---- | C] (Microsoft Corporation)
 clusapi.dll -> C:\Windows\SysWow64\clusapi.dll -> [2011/07/02 02:44:18 | 000,230,912 | ---- | C] (Microsoft Corporation)
 rdpencom.dll -> C:\Windows\SysNative\rdpencom.dll -> [2011/07/02 02:44:18 | 000,222,208 | ---- | C] (Microsoft Corporation)
 DevicePairingFolder.dll -> C:\Windows\SysWow64\DevicePairingFolder.dll -> [2011/07/02 02:44:18 | 000,211,456 | ---- | C] (Microsoft Corporation)
 perfmon.exe -> C:\Windows\SysNative\perfmon.exe -> [2011/07/02 02:44:18 | 000,172,544 | ---- | C] (Microsoft Corporation)
 wmpshell.dll -> C:\Windows\SysNative\wmpshell.dll -> [2011/07/02 02:44:18 | 000,132,608 | ---- | C] (Microsoft Corporation)
 nslookup.exe -> C:\Windows\SysWow64\nslookup.exe -> [2011/07/02 02:44:18 | 000,098,304 | ---- | C] (Microsoft Corporation)
 mciavi32.dll -> C:\Windows\SysWow64\mciavi32.dll -> [2011/07/02 02:44:18 | 000,084,480 | ---- | C] (Microsoft Corporation)
 imgutil.dll -> C:\Windows\SysWow64\imgutil.dll -> [2011/07/02 02:44:18 | 000,034,304 | ---- | C] (Microsoft Corporation)
 AzSqlExt.dll -> C:\Windows\SysNative\AzSqlExt.dll -> [2011/07/02 02:44:18 | 000,031,744 | ---- | C] (Microsoft Corporation)
 muifontsetup.dll -> C:\Windows\SysNative\muifontsetup.dll -> [2011/07/02 02:44:18 | 000,016,896 | ---- | C] (Microsoft Corporation)
 WMADMOD.DLL -> C:\Windows\SysNative\WMADMOD.DLL -> [2011/07/02 02:44:17 | 001,232,896 | ---- | C] (Microsoft Corporation)
 dbghelp.dll -> C:\Windows\SysNative\dbghelp.dll -> [2011/07/02 02:44:17 | 001,087,488 | ---- | C] (Microsoft Corporation)
 FXSAPI.dll -> C:\Windows\SysNative\FXSAPI.dll -> [2011/07/02 02:44:17 | 000,623,104 | ---- | C] (Microsoft Corporation)
 drmmgrtn.dll -> C:\Windows\SysWow64\drmmgrtn.dll -> [2011/07/02 02:44:17 | 000,402,944 | ---- | C] (Microsoft Corporation)
 raschap.dll -> C:\Windows\SysNative\raschap.dll -> [2011/07/02 02:44:17 | 000,337,920 | ---- | C] (Microsoft Corporation)
 wimserv.exe -> C:\Windows\SysWow64\wimserv.exe -> [2011/07/02 02:44:17 | 000,327,680 | ---- | C] (Microsoft Corporation)
 raschap.dll -> C:\Windows\SysWow64\raschap.dll -> [2011/07/02 02:44:17 | 000,318,976 | ---- | C] (Microsoft Corporation)
 diskraid.exe -> C:\Windows\SysWow64\diskraid.exe -> [2011/07/02 02:44:17 | 000,276,480 | ---- | C] (Microsoft Corporation)
 qasf.dll -> C:\Windows\SysNative\qasf.dll -> [2011/07/02 02:44:17 | 000,254,464 | ---- | C] (Microsoft Corporation)
 wpdwcn.dll -> C:\Windows\SysNative\wpdwcn.dll -> [2011/07/02 02:44:17 | 000,215,040 | ---- | C] (Microsoft Corporation)
 ActionQueue.dll -> C:\Windows\SysNative\ActionQueue.dll -> [2011/07/02 02:44:17 | 000,213,504 | ---- | C] (Microsoft Corporation)
 input.dll -> C:\Windows\SysWow64\input.dll -> [2011/07/02 02:44:17 | 000,202,240 | ---- | C] (Microsoft Corporation)
 rdpencom.dll -> C:\Windows\SysWow64\rdpencom.dll -> [2011/07/02 02:44:17 | 000,186,368 | ---- | C] (Microsoft Corporation)
 ocsetapi.dll -> C:\Windows\SysWow64\ocsetapi.dll -> [2011/07/02 02:44:17 | 000,174,592 | ---- | C] (Microsoft Corporation)
 perfmon.exe -> C:\Windows\SysWow64\perfmon.exe -> [2011/07/02 02:44:17 | 000,157,184 | ---- | C] (Microsoft Corporation)
 remotepg.dll -> C:\Windows\SysWow64\remotepg.dll -> [2011/07/02 02:44:17 | 000,146,944 | ---- | C] (Microsoft Corporation)
 MdSched.exe -> C:\Windows\SysNative\MdSched.exe -> [2011/07/02 02:44:17 | 000,146,944 | ---- | C] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2011/07/02 02:44:17 | 000,125,440 | ---- | C] (Microsoft Corporation)
 wiavideo.dll -> C:\Windows\SysNative\wiavideo.dll -> [2011/07/02 02:44:17 | 000,124,928 | ---- | C] (Microsoft Corporation)
 odbccp32.dll -> C:\Windows\SysWow64\odbccp32.dll -> [2011/07/02 02:44:17 | 000,122,880 | ---- | C] (Microsoft Corporation)
 QUTIL.DLL -> C:\Windows\SysWow64\QUTIL.DLL -> [2011/07/02 02:44:17 | 000,080,896 | ---- | C] (Microsoft Corporation)
 UserAccountControlSettings.dll -> C:\Windows\SysWow64\UserAccountControlSettings.dll -> [2011/07/02 02:44:17 | 000,078,848 | ---- | C] (Microsoft Corporation)
 tlscsp.dll -> C:\Windows\SysNative\tlscsp.dll -> [2011/07/02 02:44:17 | 000,073,728 | ---- | C] (Microsoft Corporation)
 bfsvc.exe -> C:\Windows\bfsvc.exe -> [2011/07/02 02:44:17 | 000,071,168 | ---- | C] (Microsoft Corporation)
 umb.dll -> C:\Windows\SysNative\umb.dll -> [2011/07/02 02:44:17 | 000,059,904 | ---- | C] (Microsoft Corporation)
 runonce.exe -> C:\Windows\SysNative\runonce.exe -> [2011/07/02 02:44:17 | 000,056,832 | ---- | C] (Microsoft Corporation)
 NAPCRYPT.DLL -> C:\Windows\SysNative\NAPCRYPT.DLL -> [2011/07/02 02:44:17 | 000,050,176 | ---- | C] (Microsoft Corporation)
 NAPCRYPT.DLL -> C:\Windows\SysWow64\NAPCRYPT.DLL -> [2011/07/02 02:44:17 | 000,046,080 | ---- | C] (Microsoft Corporation)
 acppage.dll -> C:\Windows\SysWow64\acppage.dll -> [2011/07/02 02:44:17 | 000,045,568 | ---- | C] (Microsoft Corporation)
 netutils.dll -> C:\Windows\SysNative\netutils.dll -> [2011/07/02 02:44:17 | 000,029,184 | ---- | C] (Microsoft Corporation)
 syssetup.dll -> C:\Windows\SysNative\syssetup.dll -> [2011/07/02 02:44:17 | 000,017,408 | ---- | C] (Microsoft Corporation)
 onexui.dll -> C:\Windows\SysWow64\onexui.dll -> [2011/07/02 02:44:16 | 001,111,552 | ---- | C] (Microsoft Corporation)
 WMVSDECD.DLL -> C:\Windows\SysNative\WMVSDECD.DLL -> [2011/07/02 02:44:16 | 000,666,112 | ---- | C] (Microsoft Corporation)
 nltest.exe -> C:\Windows\SysNative\nltest.exe -> [2011/07/02 02:44:16 | 000,395,776 | ---- | C] (Microsoft Corporation)
 wmpdxm.dll -> C:\Windows\SysWow64\wmpdxm.dll -> [2011/07/02 02:44:16 | 000,299,520 | ---- | C] (Microsoft Corporation)
 mstask.dll -> C:\Windows\SysNative\mstask.dll -> [2011/07/02 02:44:16 | 000,238,080 | ---- | C] (Microsoft Corporation)
 bitsadmin.exe -> C:\Windows\SysNative\bitsadmin.exe -> [2011/07/02 02:44:16 | 000,232,448 | ---- | C] (Microsoft Corporation)
 iTVData.dll -> C:\Windows\SysWow64\iTVData.dll -> [2011/07/02 02:44:16 | 000,219,648 | ---- | C] (Microsoft Corporation)
 dxdiagn.dll -> C:\Windows\SysWow64\dxdiagn.dll -> [2011/07/02 02:44:16 | 000,210,432 | ---- | C] (Microsoft Corporation)
 wpdwcn.dll -> C:\Windows\SysWow64\wpdwcn.dll -> [2011/07/02 02:44:16 | 000,198,144 | ---- | C] (Microsoft Corporation)
 vdsbas.dll -> C:\Windows\SysNative\vdsbas.dll -> [2011/07/02 02:44:16 | 000,190,976 | ---- | C] (Microsoft Corporation)
 vdsbas.dll -> C:\Windows\SysWow64\vdsbas.dll -> [2011/07/02 02:44:16 | 000,160,256 | ---- | C] (Microsoft Corporation)
 rmcast.sys -> C:\Windows\SysNative\drivers\rmcast.sys -> [2011/07/02 02:44:16 | 000,146,432 | ---- | C] (Microsoft Corporation)
 Kswdmcap.ax -> C:\Windows\SysNative\Kswdmcap.ax -> [2011/07/02 02:44:16 | 000,133,120 | ---- | C] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2011/07/02 02:44:16 | 000,096,256 | ---- | C] (Microsoft Corporation)
 logagent.exe -> C:\Windows\SysWow64\logagent.exe -> [2011/07/02 02:44:16 | 000,095,232 | ---- | C] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2011/07/02 02:44:16 | 000,083,968 | ---- | C] (Microsoft Corporation)
 runonce.exe -> C:\Windows\SysWow64\runonce.exe -> [2011/07/02 02:44:16 | 000,050,688 | ---- | C] (Microsoft Corporation)
 PrintIsolationProxy.dll -> C:\Windows\SysNative\PrintIsolationProxy.dll -> [2011/07/02 02:44:16 | 000,048,128 | ---- | C] (Microsoft Corporation)
 vpnikeapi.dll -> C:\Windows\SysWow64\vpnikeapi.dll -> [2011/07/02 02:44:16 | 000,025,600 | ---- | C] (Microsoft Corporation)
 WMSPDMOD.DLL -> C:\Windows\SysNative\WMSPDMOD.DLL -> [2011/07/02 02:44:15 | 000,978,944 | ---- | C] (Microsoft Corporation)
 Bubbles.scr -> C:\Windows\SysWow64\Bubbles.scr -> [2011/07/02 02:44:15 | 000,878,592 | ---- | C] (Microsoft Corporation)
 wmdrmnet.dll -> C:\Windows\SysNative\wmdrmnet.dll -> [2011/07/02 02:44:15 | 000,527,872 | ---- | C] (Microsoft Corporation)
 wmdrmdev.dll -> C:\Windows\SysWow64\wmdrmdev.dll -> [2011/07/02 02:44:15 | 000,507,392 | ---- | C] (Microsoft Corporation)
 d3d10level9.dll -> C:\Windows\SysWow64\d3d10level9.dll -> [2011/07/02 02:44:15 | 000,489,984 | ---- | C] (Microsoft Corporation)
 WPDSp.dll -> C:\Windows\SysNative\WPDSp.dll -> [2011/07/02 02:44:15 | 000,431,104 | ---- | C] (Microsoft Corporation)
 msnetobj.dll -> C:\Windows\SysNative\msnetobj.dll -> [2011/07/02 02:44:15 | 000,325,632 | ---- | C] (Microsoft Corporation)
 sqlcese30.dll -> C:\Windows\SysWow64\sqlcese30.dll -> [2011/07/02 02:44:15 | 000,309,760 | ---- | C] (Microsoft Corporation)
 qdv.dll -> C:\Windows\SysNative\qdv.dll -> [2011/07/02 02:44:15 | 000,250,880 | ---- | C] (Microsoft Corporation)
 eapp3hst.dll -> C:\Windows\SysWow64\eapp3hst.dll -> [2011/07/02 02:44:15 | 000,242,176 | ---- | C] (Microsoft Corporation)
 PortableDeviceSyncProvider.dll -> C:\Windows\SysNative\PortableDeviceSyncProvider.dll -> [2011/07/02 02:44:15 | 000,224,256 | ---- | C] (Microsoft Corporation)
 bitsadmin.exe -> C:\Windows\SysWow64\bitsadmin.exe -> [2011/07/02 02:44:15 | 000,186,368 | ---- | C] (Microsoft Corporation)
 qcap.dll -> C:\Windows\SysNative\qcap.dll -> [2011/07/02 02:44:15 | 000,181,248 | ---- | C] (Microsoft Corporation)
 MFPlay.dll -> C:\Windows\SysWow64\MFPlay.dll -> [2011/07/02 02:44:15 | 000,176,128 | ---- | C] (Microsoft Corporation)
 mprapi.dll -> C:\Windows\SysWow64\mprapi.dll -> [2011/07/02 02:44:15 | 000,158,720 | ---- | C] (Microsoft Corporation)
 shacct.dll -> C:\Windows\SysNative\shacct.dll -> [2011/07/02 02:44:15 | 000,135,168 | ---- | C] (Microsoft Corporation)
 QSVRMGMT.DLL -> C:\Windows\SysNative\QSVRMGMT.DLL -> [2011/07/02 02:44:15 | 000,124,416 | ---- | C] (Microsoft Corporation)
 secproc_ssp_isv.dll -> C:\Windows\SysNative\secproc_ssp_isv.dll -> [2011/07/02 02:44:15 | 000,121,856 | ---- | C] (Microsoft Corporation)
 secproc_ssp.dll -> C:\Windows\SysNative\secproc_ssp.dll -> [2011/07/02 02:44:15 | 000,121,856 | ---- | C] (Microsoft Corporation)
 shacct.dll -> C:\Windows\SysWow64\shacct.dll -> [2011/07/02 02:44:15 | 000,108,032 | ---- | C] (Microsoft Corporation)
 wmpshell.dll -> C:\Windows\SysWow64\wmpshell.dll -> [2011/07/02 02:44:15 | 000,105,472 | ---- | C] (Microsoft Corporation)
 logman.exe -> C:\Windows\SysNative\logman.exe -> [2011/07/02 02:44:15 | 000,104,448 | ---- | C] (Microsoft Corporation)
 wudriver.dll -> C:\Windows\SysNative\wudriver.dll -> [2011/07/02 02:44:15 | 000,098,304 | ---- | C] (Microsoft Corporation)
 wudriver.dll -> C:\Windows\SysWow64\wudriver.dll -> [2011/07/02 02:44:15 | 000,087,552 | ---- | C] (Microsoft Corporation)
 tabcal.exe -> C:\Windows\SysNative\tabcal.exe -> [2011/07/02 02:44:15 | 000,078,848 | ---- | C] (Microsoft Corporation)
 vss_ps.dll -> C:\Windows\SysNative\vss_ps.dll -> [2011/07/02 02:44:15 | 000,061,952 | ---- | C] (Microsoft Corporation)
 unimdmat.dll -> C:\Windows\SysWow64\unimdmat.dll -> [2011/07/02 02:44:15 | 000,059,392 | ---- | C] (Microsoft Corporation)
 rdpd3d.dll -> C:\Windows\SysWow64\rdpd3d.dll -> [2011/07/02 02:44:15 | 000,052,224 | ---- | C] (Microsoft Corporation)
 cscapi.dll -> C:\Windows\SysNative\cscapi.dll -> [2011/07/02 02:44:15 | 000,046,080 | ---- | C] (Microsoft Corporation)
 iscsium.dll -> C:\Windows\SysWow64\iscsium.dll -> [2011/07/02 02:44:15 | 000,028,672 | ---- | C] (Microsoft Corporation)
 lsmproxy.dll -> C:\Windows\SysWow64\lsmproxy.dll -> [2011/07/02 02:44:15 | 000,021,504 | ---- | C] (Microsoft Corporation)
 OpcServices.dll -> C:\Windows\SysWow64\OpcServices.dll -> [2011/07/02 02:44:14 | 001,160,192 | ---- | C] (Microsoft Corporation)
 pdh.dll -> C:\Windows\SysWow64\pdh.dll -> [2011/07/02 02:44:14 | 000,236,544 | ---- | C] (Microsoft Corporation)
 PortableDeviceSyncProvider.dll -> C:\Windows\SysWow64\PortableDeviceSyncProvider.dll -> [2011/07/02 02:44:14 | 000,183,296 | ---- | C] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2011/07/02 02:44:14 | 000,098,816 | ---- | C] (Microsoft Corporation)
 kstvtune.ax -> C:\Windows\SysWow64\kstvtune.ax -> [2011/07/02 02:44:14 | 000,084,480 | ---- | C] (Microsoft Corporation)
 logman.exe -> C:\Windows\SysWow64\logman.exe -> [2011/07/02 02:44:14 | 000,082,944 | ---- | C] (Microsoft Corporation)
 spbcd.dll -> C:\Windows\SysNative\spbcd.dll -> [2011/07/02 02:44:14 | 000,078,848 | ---- | C] (Microsoft Corporation)
 IMJP10.IME -> C:\Windows\SysNative\IMJP10.IME -> [2011/07/02 02:44:13 | 001,148,416 | ---- | C] (Microsoft Corporation)
 WMADMOD.DLL -> C:\Windows\SysWow64\WMADMOD.DLL -> [2011/07/02 02:44:13 | 000,902,656 | ---- | C] (Microsoft Corporation)
 WMVSDECD.DLL -> C:\Windows\SysWow64\WMVSDECD.DLL -> [2011/07/02 02:44:13 | 000,541,184 | ---- | C] (Microsoft Corporation)
 PortableDeviceStatus.dll -> C:\Windows\SysNative\PortableDeviceStatus.dll -> [2011/07/02 02:44:13 | 000,435,712 | ---- | C] (Microsoft Corporation)
 PortableDeviceStatus.dll -> C:\Windows\SysWow64\PortableDeviceStatus.dll -> [2011/07/02 02:44:13 | 000,427,520 | ---- | C] (Microsoft Corporation)
 WMPhoto.dll -> C:\Windows\SysNative\WMPhoto.dll -> [2011/07/02 02:44:13 | 000,392,192 | ---- | C] (Microsoft Corporation)
 WPDSp.dll -> C:\Windows\SysWow64\WPDSp.dll -> [2011/07/02 02:44:13 | 000,350,720 | ---- | C] (Microsoft Corporation)
 WMPhoto.dll -> C:\Windows\SysWow64\WMPhoto.dll -> [2011/07/02 02:44:13 | 000,318,464 | ---- | C] (Microsoft Corporation)
 dot3ui.dll -> C:\Windows\SysNative\dot3ui.dll -> [2011/07/02 02:44:13 | 000,313,344 | ---- | C] (Microsoft Corporation)
 Mystify.scr -> C:\Windows\SysWow64\Mystify.scr -> [2011/07/02 02:44:13 | 000,221,184 | ---- | C] (Microsoft Corporation)
 Ribbons.scr -> C:\Windows\SysWow64\Ribbons.scr -> [2011/07/02 02:44:13 | 000,220,672 | ---- | C] (Microsoft Corporation)
 sqmapi.dll -> C:\Windows\SysWow64\sqmapi.dll -> [2011/07/02 02:44:13 | 000,189,952 | ---- | C] (Microsoft Corporation)
 odbctrac.dll -> C:\Windows\SysWow64\odbctrac.dll -> [2011/07/02 02:44:13 | 000,163,840 | ---- | C] (Microsoft Corporation)
 VBICodec.ax -> C:\Windows\SysWow64\VBICodec.ax -> [2011/07/02 02:44:13 | 000,153,600 | ---- | C] (Microsoft Corporation)
 EhStorAPI.dll -> C:\Windows\SysNative\EhStorAPI.dll -> [2011/07/02 02:44:13 | 000,144,896 | ---- | C] (Microsoft Corporation)
 powercfg.cpl -> C:\Windows\SysWow64\powercfg.cpl -> [2011/07/02 02:44:13 | 000,142,336 | ---- | C] (Microsoft Corporation)
 desk.cpl -> C:\Windows\SysNative\desk.cpl -> [2011/07/02 02:44:13 | 000,130,048 | ---- | C] (Microsoft Corporation)
 fphc.dll -> C:\Windows\SysNative\fphc.dll -> [2011/07/02 02:44:13 | 000,121,344 | ---- | C] (Microsoft Corporation)
 dot3msm.dll -> C:\Windows\SysWow64\dot3msm.dll -> [2011/07/02 02:44:13 | 000,115,200 | ---- | C] (Microsoft Corporation)
 wiavideo.dll -> C:\Windows\SysWow64\wiavideo.dll -> [2011/07/02 02:44:13 | 000,109,568 | ---- | C] (Microsoft Corporation)
 Kswdmcap.ax -> C:\Windows\SysWow64\Kswdmcap.ax -> [2011/07/02 02:44:13 | 000,107,008 | ---- | C] (Microsoft Corporation)
 QSVRMGMT.DLL -> C:\Windows\SysWow64\QSVRMGMT.DLL -> [2011/07/02 02:44:13 | 000,099,328 | ---- | C] (Microsoft Corporation)
 fphc.dll -> C:\Windows\SysWow64\fphc.dll -> [2011/07/02 02:44:13 | 000,098,304 | ---- | C] (Microsoft Corporation)
 avifil32.dll -> C:\Windows\SysWow64\avifil32.dll -> [2011/07/02 02:44:13 | 000,091,648 | ---- | C] (Microsoft Corporation)
 amstream.dll -> C:\Windows\SysNative\amstream.dll -> [2011/07/02 02:44:13 | 000,089,088 | ---- | C] (Microsoft Corporation)
 olethk32.dll -> C:\Windows\SysWow64\olethk32.dll -> [2011/07/02 02:44:13 | 000,077,824 | ---- | C] (Microsoft Corporation)
 mapistub.dll -> C:\Windows\SysWow64\mapistub.dll -> [2011/07/02 02:44:13 | 000,076,800 | ---- | C] (Microsoft Corporation)
 mapi32.dll -> C:\Windows\SysWow64\mapi32.dll -> [2011/07/02 02:44:13 | 000,076,800 | ---- | C] (Microsoft Corporation)
 Mpeg2Data.ax -> C:\Windows\SysWow64\Mpeg2Data.ax -> [2011/07/02 02:44:13 | 000,072,704 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2011/07/02 02:44:13 | 000,067,072 | ---- | C] (Microsoft Corporation)
 takeown.exe -> C:\Windows\SysNative\takeown.exe -> [2011/07/02 02:44:13 | 000,063,488 | ---- | C] (Microsoft Corporation)
 PnPUnattend.exe -> C:\Windows\SysNative\PnPUnattend.exe -> [2011/07/02 02:44:13 | 000,062,976 | ---- | C] (Microsoft Corporation)
 ncryptui.dll -> C:\Windows\SysWow64\ncryptui.dll -> [2011/07/02 02:44:13 | 000,060,928 | ---- | C] (Microsoft Corporation)
 takeown.exe -> C:\Windows\SysWow64\takeown.exe -> [2011/07/02 02:44:13 | 000,051,200 | ---- | C] (Microsoft Corporation)
 tsgqec.dll -> C:\Windows\SysWow64\tsgqec.dll -> [2011/07/02 02:44:13 | 000,036,864 | ---- | C] (Microsoft Corporation)
 utildll.dll -> C:\Windows\SysWow64\utildll.dll -> [2011/07/02 02:44:13 | 000,031,744 | ---- | C] (Microsoft Corporation)
 WMSPDMOD.DLL -> C:\Windows\SysWow64\WMSPDMOD.DLL -> [2011/07/02 02:44:12 | 000,739,328 | ---- | C] (Microsoft Corporation)
 WUDFx.dll -> C:\Windows\SysNative\WUDFx.dll -> [2011/07/02 02:44:12 | 000,681,472 | ---- | C] (Microsoft Corporation)
 wmdrmnet.dll -> C:\Windows\SysWow64\wmdrmnet.dll -> [2011/07/02 02:44:12 | 000,436,736 | ---- | C] (Microsoft Corporation)
 qdv.dll -> C:\Windows\SysWow64\qdv.dll -> [2011/07/02 02:44:12 | 000,283,136 | ---- | C] (Microsoft Corporation)
 msnetobj.dll -> C:\Windows\SysWow64\msnetobj.dll -> [2011/07/02 02:44:12 | 000,265,216 | ---- | C] (Microsoft Corporation)
 WUDFHost.exe -> C:\Windows\SysNative\WUDFHost.exe -> [2011/07/02 02:44:12 | 000,226,816 | ---- | C] (Microsoft Corporation)
 imagehlp.dll -> C:\Windows\SysWow64\imagehlp.dll -> [2011/07/02 02:44:12 | 000,155,136 | ---- | C] (Microsoft Corporation)
 EhStorAPI.dll -> C:\Windows\SysWow64\EhStorAPI.dll -> [2011/07/02 02:44:12 | 000,128,512 | ---- | C] (Microsoft Corporation)
 sppinst.dll -> C:\Windows\SysWow64\sppinst.dll -> [2011/07/02 02:44:12 | 000,100,864 | ---- | C] (Microsoft Corporation)
 cmstp.exe -> C:\Windows\SysNative\cmstp.exe -> [2011/07/02 02:44:12 | 000,092,160 | ---- | C] (Microsoft Corporation)
 cmstp.exe -> C:\Windows\SysWow64\cmstp.exe -> [2011/07/02 02:44:12 | 000,084,992 | ---- | C] (Microsoft Corporation)
 QCLIPROV.DLL -> C:\Windows\SysNative\QCLIPROV.DLL -> [2011/07/02 02:44:12 | 000,079,872 | ---- | C] (Microsoft Corporation)
 psisrndr.ax -> C:\Windows\SysWow64\psisrndr.ax -> [2011/07/02 02:44:12 | 000,075,776 | ---- | C] (Microsoft Corporation)
 MSDvbNP.ax -> C:\Windows\SysNative\MSDvbNP.ax -> [2011/07/02 02:44:12 | 000,075,776 | ---- | C] (Microsoft Corporation)
 fdProxy.dll -> C:\Windows\SysNative\fdProxy.dll -> [2011/07/02 02:44:12 | 000,074,240 | ---- | C] (Microsoft Corporation)
 netapi32.dll -> C:\Windows\SysNative\netapi32.dll -> [2011/07/02 02:44:12 | 000,072,704 | ---- | C] (Microsoft Corporation)
 QCLIPROV.DLL -> C:\Windows\SysWow64\QCLIPROV.DLL -> [2011/07/02 02:44:12 | 000,071,680 | ---- | C] (Microsoft Corporation)
 CertPolEng.dll -> C:\Windows\SysNative\CertPolEng.dll -> [2011/07/02 02:44:12 | 000,071,680 | ---- | C] (Microsoft Corporation)
 MuiUnattend.exe -> C:\Windows\SysWow64\MuiUnattend.exe -> [2011/07/02 02:44:12 | 000,070,656 | ---- | C] (Microsoft Corporation)
 cca.dll -> C:\Windows\SysWow64\cca.dll -> [2011/07/02 02:44:12 | 000,066,560 | ---- | C] (Microsoft Corporation)
 WavDest.dll -> C:\Windows\SysNative\WavDest.dll -> [2011/07/02 02:44:12 | 000,061,952 | ---- | C] (Microsoft Corporation)
 djoin.exe -> C:\Windows\SysNative\djoin.exe -> [2011/07/02 02:44:12 | 000,061,440 | ---- | C] (Microsoft Corporation)
 vfwwdm32.dll -> C:\Windows\SysWow64\vfwwdm32.dll -> [2011/07/02 02:44:12 | 000,056,832 | ---- | C] (Microsoft Corporation)
 wsnmp32.dll -> C:\Windows\SysWow64\wsnmp32.dll -> [2011/07/02 02:44:12 | 000,051,712 | ---- | C] (Microsoft Corporation)
 MultiDigiMon.exe -> C:\Windows\SysNative\MultiDigiMon.exe -> [2011/07/02 02:44:12 | 000,051,712 | ---- | C] (Microsoft Corporation)
 pdhui.dll -> C:\Windows\SysWow64\pdhui.dll -> [2011/07/02 02:44:12 | 000,046,592 | ---- | C] (Microsoft Corporation)
 shimgvw.dll -> C:\Windows\SysNative\shimgvw.dll -> [2011/07/02 02:44:12 | 000,037,376 | ---- | C] (Microsoft Corporation)
 HotStartUserAgent.dll -> C:\Windows\SysNative\HotStartUserAgent.dll -> [2011/07/02 02:44:12 | 000,027,136 | ---- | C] (Microsoft Corporation)
 nrpsrv.dll -> C:\Windows\SysNative\nrpsrv.dll -> [2011/07/02 02:44:12 | 000,015,360 | ---- | C] (Microsoft Corporation)
 IMJP10.IME -> C:\Windows\SysWow64\IMJP10.IME -> [2011/07/02 02:44:11 | 001,027,584 | ---- | C] (Microsoft Corporation)
 FXSTIFF.dll -> C:\Windows\SysNative\FXSTIFF.dll -> [2011/07/02 02:44:11 | 000,434,688 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp.exe -> C:\Windows\SysNative\RMActivate_ssp.exe -> [2011/07/02 02:44:11 | 000,306,688 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp_isv.exe -> C:\Windows\SysNative\RMActivate_ssp_isv.exe -> [2011/07/02 02:44:11 | 000,305,152 | ---- | C] (Microsoft Corporation)
 itircl.dll -> C:\Windows\SysNative\itircl.dll -> [2011/07/02 02:44:11 | 000,194,048 | ---- | C] (Microsoft Corporation)
 msorcl32.dll -> C:\Windows\SysWow64\msorcl32.dll -> [2011/07/02 02:44:11 | 000,176,128 | ---- | C] (Microsoft Corporation)
 diskpart.exe -> C:\Windows\SysNative\diskpart.exe -> [2011/07/02 02:44:11 | 000,166,400 | ---- | C] (Microsoft Corporation)
 itircl.dll -> C:\Windows\SysWow64\itircl.dll -> [2011/07/02 02:44:11 | 000,158,720 | ---- | C] (Microsoft Corporation)
 iscsicli.exe -> C:\Windows\SysNative\iscsicli.exe -> [2011/07/02 02:44:11 | 000,152,064 | ---- | C] (Microsoft Corporation)
 iscsicli.exe -> C:\Windows\SysWow64\iscsicli.exe -> [2011/07/02 02:44:11 | 000,144,896 | ---- | C] (Microsoft Corporation)
 wmpps.dll -> C:\Windows\SysWow64\wmpps.dll -> [2011/07/02 02:44:11 | 000,144,384 | ---- | C] (Microsoft Corporation)
 mydocs.dll -> C:\Windows\SysNative\mydocs.dll -> [2011/07/02 02:44:11 | 000,143,360 | ---- | C] (Microsoft Corporation)
 mydocs.dll -> C:\Windows\SysWow64\mydocs.dll -> [2011/07/02 02:44:11 | 000,136,192 | ---- | C] (Microsoft Corporation)
 diskpart.exe -> C:\Windows\SysWow64\diskpart.exe -> [2011/07/02 02:44:11 | 000,133,632 | ---- | C] (Microsoft Corporation)
 desk.cpl -> C:\Windows\SysWow64\desk.cpl -> [2011/07/02 02:44:11 | 000,128,000 | ---- | C] (Microsoft Corporation)
 setupcln.dll -> C:\Windows\SysWow64\setupcln.dll -> [2011/07/02 02:44:11 | 000,115,712 | ---- | C] (Microsoft Corporation)
 eappgnui.dll -> C:\Windows\SysNative\eappgnui.dll -> [2011/07/02 02:44:11 | 000,103,936 | ---- | C] (Microsoft Corporation)
 dot3msm.dll -> C:\Windows\SysNative\dot3msm.dll -> [2011/07/02 02:44:11 | 000,103,936 | ---- | C] (Microsoft Corporation)
 mobsync.exe -> C:\Windows\SysNative\mobsync.exe -> [2011/07/02 02:44:11 | 000,102,400 | ---- | C] (Microsoft Corporation)
 secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2011/07/02 02:44:11 | 000,085,504 | ---- | C] (Microsoft Corporation)
 secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2011/07/02 02:44:11 | 000,085,504 | ---- | C] (Microsoft Corporation)
 resutils.dll -> C:\Windows\SysWow64\resutils.dll -> [2011/07/02 02:44:11 | 000,071,168 | ---- | C] (Microsoft Corporation)
 amstream.dll -> C:\Windows\SysWow64\amstream.dll -> [2011/07/02 02:44:11 | 000,070,656 | ---- | C] (Microsoft Corporation)
 rastapi.dll -> C:\Windows\SysWow64\rastapi.dll -> [2011/07/02 02:44:11 | 000,069,632 | ---- | C] (Microsoft Corporation)
 CertPolEng.dll -> C:\Windows\SysWow64\CertPolEng.dll -> [2011/07/02 02:44:11 | 000,065,024 | ---- | C] (Microsoft Corporation)
 spbcd.dll -> C:\Windows\SysWow64\spbcd.dll -> [2011/07/02 02:44:11 | 000,061,952 | ---- | C] (Microsoft Corporation)
 browcli.dll -> C:\Windows\SysNative\browcli.dll -> [2011/07/02 02:44:11 | 000,058,880 | ---- | C] (Microsoft Corporation)
 g711codc.ax -> C:\Windows\SysNative\g711codc.ax -> [2011/07/02 02:44:11 | 000,057,856 | ---- | C] (Microsoft Corporation)
 wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2011/07/02 02:44:11 | 000,051,200 | ---- | C] (Microsoft Corporation)
 ksxbar.ax -> C:\Windows\SysWow64\ksxbar.ax -> [2011/07/02 02:44:11 | 000,048,640 | ---- | C] (Microsoft Corporation)
 wkscli.dll -> C:\Windows\SysWow64\wkscli.dll -> [2011/07/02 02:44:11 | 000,047,104 | ---- | C] (Microsoft Corporation)
 vbisurf.ax -> C:\Windows\SysNative\vbisurf.ax -> [2011/07/02 02:44:11 | 000,043,520 | ---- | C] (Microsoft Corporation)
 relog.exe -> C:\Windows\SysNative\relog.exe -> [2011/07/02 02:44:11 | 000,043,008 | ---- | C] (Microsoft Corporation)
 mciqtz32.dll -> C:\Windows\SysNative\mciqtz32.dll -> [2011/07/02 02:44:11 | 000,041,472 | ---- | C] (Microsoft Corporation)
 relog.exe -> C:\Windows\SysWow64\relog.exe -> [2011/07/02 02:44:11 | 000,037,888 | ---- | C] (Microsoft Corporation)
 wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2011/07/02 02:44:11 | 000,036,864 | ---- | C] (Microsoft Corporation)
 choice.exe -> C:\Windows\SysNative\choice.exe -> [2011/07/02 02:44:11 | 000,036,864 | ---- | C] (Microsoft Corporation)
 msdmo.dll -> C:\Windows\SysNative\msdmo.dll -> [2011/07/02 02:44:11 | 000,035,840 | ---- | C] (Microsoft Corporation)
 AzSqlExt.dll -> C:\Windows\SysWow64\AzSqlExt.dll -> [2011/07/02 02:44:11 | 000,028,160 | ---- | C] (Microsoft Corporation)
 netiougc.exe -> C:\Windows\SysWow64\netiougc.exe -> [2011/07/02 02:44:11 | 000,025,600 | ---- | C] (Microsoft Corporation)
 netbtugc.exe -> C:\Windows\SysWow64\netbtugc.exe -> [2011/07/02 02:44:11 | 000,024,064 | ---- | C] (Microsoft Corporation)
 syssetup.dll -> C:\Windows\SysWow64\syssetup.dll -> [2011/07/02 02:44:11 | 000,014,848 | ---- | C] (Microsoft Corporation)
 BWUnpairElevated.dll -> C:\Windows\SysNative\BWUnpairElevated.dll -> [2011/07/02 02:44:11 | 000,014,848 | ---- | C] (Microsoft Corporation)
 sscore.dll -> C:\Windows\SysNative\sscore.dll -> [2011/07/02 02:44:11 | 000,013,312 | ---- | C] (Microsoft Corporation)
 onexui.dll -> C:\Windows\SysNative\onexui.dll -> [2011/07/02 02:44:10 | 001,080,320 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2011/07/02 02:44:10 | 000,280,064 | ---- | C] (Microsoft Corporation)
 RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2011/07/02 02:44:10 | 000,278,016 | ---- | C] (Microsoft Corporation)
 sppc.dll -> C:\Windows\SysNative\sppc.dll -> [2011/07/02 02:44:10 | 000,145,920 | ---- | C] (Microsoft Corporation)
 sppc.dll -> C:\Windows\SysWow64\sppc.dll -> [2011/07/02 02:44:10 | 000,121,344 | ---- | C] (Microsoft Corporation)
 mobsync.exe -> C:\Windows\SysWow64\mobsync.exe -> [2011/07/02 02:44:10 | 000,101,376 | ---- | C] (Microsoft Corporation)
 eappgnui.dll -> C:\Windows\SysWow64\eappgnui.dll -> [2011/07/02 02:44:10 | 000,094,208 | ---- | C] (Microsoft Corporation)
 iccvid.dll -> C:\Windows\SysWow64\iccvid.dll -> [2011/07/02 02:44:10 | 000,082,944 | ---- | C] (Radius Inc.)
 manage-bde.exe -> C:\Windows\SysNative\manage-bde.exe -> [2011/07/02 02:44:10 | 000,079,872 | ---- | C] (Microsoft Corporation)
 imagehlp.dll -> C:\Windows\SysNative\imagehlp.dll -> [2011/07/02 02:44:10 | 000,076,800 | ---- | C] (Microsoft Corporation)
 cabinet.dll -> C:\Windows\SysWow64\cabinet.dll -> [2011/07/02 02:44:10 | 000,073,216 | ---- | C] (Microsoft Corporation)
 findstr.exe -> C:\Windows\SysNative\findstr.exe -> [2011/07/02 02:44:10 | 000,071,168 | ---- | C] (Microsoft Corporation)
 tlscsp.dll -> C:\Windows\SysWow64\tlscsp.dll -> [2011/07/02 02:44:10 | 000,069,632 | ---- | C] (Microsoft Corporation)
 inetmib1.dll -> C:\Windows\SysNative\inetmib1.dll -> [2011/07/02 02:44:10 | 000,065,536 | ---- | C] (Microsoft Corporation)
 findstr.exe -> C:\Windows\SysWow64\findstr.exe -> [2011/07/02 02:44:10 | 000,062,976 | ---- | C] (Microsoft Corporation)
 MSDvbNP.ax -> C:\Windows\SysWow64\MSDvbNP.ax -> [2011/07/02 02:44:10 | 000,059,904 | ---- | C] (Microsoft Corporation)
 repair-bde.exe -> C:\Windows\SysNative\repair-bde.exe -> [2011/07/02 02:44:10 | 000,051,712 | ---- | C] (Microsoft Corporation)
 luainstall.dll -> C:\Windows\SysNative\luainstall.dll -> [2011/07/02 02:44:10 | 000,048,640 | ---- | C] (Microsoft Corporation)
 wdiasqmmodule.dll -> C:\Windows\SysNative\wdiasqmmodule.dll -> [2011/07/02 02:44:10 | 000,036,352 | ---- | C] (Microsoft Corporation)
 mciqtz32.dll -> C:\Windows\SysWow64\mciqtz32.dll -> [2011/07/02 02:44:10 | 000,036,352 | ---- | C] (Microsoft Corporation)
 wuapp.exe -> C:\Windows\SysWow64\wuapp.exe -> [2011/07/02 02:44:10 | 000,033,792 | ---- | C] (Microsoft Corporation)
 WerFaultSecure.exe -> C:\Windows\SysWow64\WerFaultSecure.exe -> [2011/07/02 02:44:10 | 000,028,672 | ---- | C] (Microsoft Corporation)
 schedcli.dll -> C:\Windows\SysNative\schedcli.dll -> [2011/07/02 02:44:10 | 000,024,064 | ---- | C] (Microsoft Corporation)
 ReAgentc.exe -> C:\Windows\SysWow64\ReAgentc.exe -> [2011/07/02 02:44:10 | 000,022,016 | ---- | C] (Microsoft Corporation)
 muifontsetup.dll -> C:\Windows\SysWow64\muifontsetup.dll -> [2011/07/02 02:44:10 | 000,013,312 | ---- | C] (Microsoft Corporation)
 UIRibbonRes.dll -> C:\Windows\SysWow64\UIRibbonRes.dll -> [2011/07/02 02:44:09 | 001,164,800 | ---- | C] (Microsoft Corporation)
 UIRibbonRes.dll -> C:\Windows\SysNative\UIRibbonRes.dll -> [2011/07/02 02:44:09 | 001,164,800 | ---- | C] (Microsoft Corporation)
 RDPENCDD.dll -> C:\Windows\SysNative\RDPENCDD.dll -> [2011/07/02 02:44:09 | 000,147,456 | ---- | C] (Microsoft Corporation)
 odbcconf.dll -> C:\Windows\SysNative\odbcconf.dll -> [2011/07/02 02:44:09 | 000,053,248 | ---- | C] (Microsoft Corporation)
 inetmib1.dll -> C:\Windows\SysWow64\inetmib1.dll -> [2011/07/02 02:44:09 | 000,052,736 | ---- | C] (Microsoft Corporation)
 g711codc.ax -> C:\Windows\SysWow64\g711codc.ax -> [2011/07/02 02:44:09 | 000,045,568 | ---- | C] (Microsoft Corporation)
 WUDFCoinstaller.dll -> C:\Windows\SysNative\WUDFCoinstaller.dll -> [2011/07/02 02:44:09 | 000,044,544 | ---- | C] (Microsoft Corporation)
 luainstall.dll -> C:\Windows\SysWow64\luainstall.dll -> [2011/07/02 02:44:09 | 000,041,984 | ---- | C] (Microsoft Corporation)
 FXSMON.dll -> C:\Windows\SysNative\FXSMON.dll -> [2011/07/02 02:44:09 | 000,041,984 | ---- | C] (Microsoft Corporation)
 browcli.dll -> C:\Windows\SysWow64\browcli.dll -> [2011/07/02 02:44:09 | 000,041,984 | ---- | C] (Microsoft Corporation)
 odbcconf.dll -> C:\Windows\SysWow64\odbcconf.dll -> [2011/07/02 02:44:09 | 000,040,960 | ---- | C] (Microsoft Corporation)
 shimgvw.dll -> C:\Windows\SysWow64\shimgvw.dll -> [2011/07/02 02:44:09 | 000,035,840 | ---- | C] (Microsoft Corporation)
 unlodctr.exe -> C:\Windows\SysWow64\unlodctr.exe -> [2011/07/02 02:44:09 | 000,034,304 | ---- | C] (Microsoft Corporation)
 vbisurf.ax -> C:\Windows\SysWow64\vbisurf.ax -> [2011/07/02 02:44:09 | 000,033,792 | ---- | C] (Microsoft Corporation)
 profprov.dll -> C:\Windows\SysNative\profprov.dll -> [2011/07/02 02:44:09 | 000,033,792 | ---- | C] (Microsoft Corporation)
 msdmo.dll -> C:\Windows\SysWow64\msdmo.dll -> [2011/07/02 02:44:09 | 000,030,720 | ---- | C] (Microsoft Corporation)
 wups.dll -> C:\Windows\SysWow64\wups.dll -> [2011/07/02 02:44:09 | 000,027,648 | ---- | C] (Microsoft Corporation)
 tdi.sys -> C:\Windows\SysNative\drivers\tdi.sys -> [2011/07/02 02:44:09 | 000,026,624 | ---- | C] (Microsoft Corporation)
 elsTrans.dll -> C:\Windows\SysNative\elsTrans.dll -> [2011/07/02 02:44:09 | 000,025,600 | ---- | C] (Microsoft Corporation)
 TRAPI.dll -> C:\Windows\SysNative\TRAPI.dll -> [2011/07/02 02:44:09 | 000,021,504 | ---- | C] (Microsoft Corporation)
 rdprefdrvapi.dll -> C:\Windows\SysWow64\rdprefdrvapi.dll -> [2011/07/02 02:44:09 | 000,021,504 | ---- | C] (Microsoft Corporation)
 spopk.dll -> C:\Windows\SysWow64\spopk.dll -> [2011/07/02 02:44:09 | 000,019,968 | ---- | C] (Microsoft Corporation)
 spopk.dll -> C:\Windows\SysNative\spopk.dll -> [2011/07/02 02:44:09 | 000,018,944 | ---- | C] (Microsoft Corporation)
 fixmapi.exe -> C:\Windows\SysNative\fixmapi.exe -> [2011/07/02 02:44:09 | 000,017,920 | ---- | C] (Microsoft Corporation)
 perfts.dll -> C:\Windows\SysWow64\perfts.dll -> [2011/07/02 02:44:09 | 000,017,408 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2011/07/02 02:44:09 | 000,012,288 | ---- | C] (Microsoft Corporation)
 napdsnap.dll -> C:\Windows\SysNative\napdsnap.dll -> [2011/07/02 02:44:08 | 000,072,192 | ---- | C] (Microsoft Corporation)
 dsauth.dll -> C:\Windows\SysNative\dsauth.dll -> [2011/07/02 02:44:08 | 000,036,864 | ---- | C] (Microsoft Corporation)
 LogonUI.exe -> C:\Windows\SysNative\LogonUI.exe -> [2011/07/02 02:44:08 | 000,027,648 | ---- | C] (Microsoft Corporation)
 cscdll.dll -> C:\Windows\SysNative\cscdll.dll -> [2011/07/02 02:44:07 | 000,030,208 | ---- | C] (Microsoft Corporation)
 rdprefdrvapi.dll -> C:\Windows\SysNative\rdprefdrvapi.dll -> [2011/07/02 02:44:07 | 000,023,040 | ---- | C] (Microsoft Corporation)
 elsTrans.dll -> C:\Windows\SysWow64\elsTrans.dll -> [2011/07/02 02:44:07 | 000,022,528 | ---- | C] (Microsoft Corporation)
 TRAPI.dll -> C:\Windows\SysWow64\TRAPI.dll -> [2011/07/02 02:44:07 | 000,021,504 | ---- | C] (Microsoft Corporation)
 FXSUNATD.exe -> C:\Windows\SysNative\FXSUNATD.exe -> [2011/07/02 02:44:07 | 000,018,432 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2011/07/02 02:44:07 | 000,012,800 | ---- | C] (Microsoft Corporation)
 bitsperf.dll -> C:\Windows\SysNative\bitsperf.dll -> [2011/07/02 02:44:06 | 000,024,576 | ---- | C] (Microsoft Corporation)
 bitsperf.dll -> C:\Windows\SysWow64\bitsperf.dll -> [2011/07/02 02:44:06 | 000,019,456 | ---- | C] (Microsoft Corporation)
 imkr80.ime -> C:\Windows\SysNative\imkr80.ime -> [2011/07/02 02:44:05 | 000,457,216 | ---- | C] (Microsoft Corporation)
 napdsnap.dll -> C:\Windows\SysWow64\napdsnap.dll -> [2011/07/02 02:44:05 | 000,068,096 | ---- | C] (Microsoft Corporation)
 wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2011/07/02 02:44:05 | 000,037,376 | ---- | C] (Microsoft Corporation)
 usbrpm.sys -> C:\Windows\SysNative\drivers\usbrpm.sys -> [2011/07/02 02:44:05 | 000,031,744 | ---- | C] (Microsoft Corporation)
 dsauth.dll -> C:\Windows\SysWow64\dsauth.dll -> [2011/07/02 02:44:05 | 000,030,208 | ---- | C] (Microsoft Corporation)
 schedcli.dll -> C:\Windows\SysWow64\schedcli.dll -> [2011/07/02 02:44:05 | 000,017,408 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysNative\html.iec -> [2011/07/02 02:44:03 | 000,482,816 | ---- | C] (Microsoft Corporation)
 imkr80.ime -> C:\Windows\SysWow64\imkr80.ime -> [2011/07/02 02:44:03 | 000,430,080 | ---- | C] (Microsoft Corporation)
 wups.dll -> C:\Windows\SysNative\wups.dll -> [2011/07/02 02:44:03 | 000,033,280 | ---- | C] (Microsoft Corporation)
 shgina.dll -> C:\Windows\SysNative\shgina.dll -> [2011/07/02 02:44:03 | 000,028,160 | ---- | C] (Microsoft Corporation)
 wsdchngr.dll -> C:\Windows\SysNative\wsdchngr.dll -> [2011/07/02 02:44:03 | 000,026,112 | ---- | C] (Microsoft Corporation)
 wsdchngr.dll -> C:\Windows\SysWow64\wsdchngr.dll -> [2011/07/02 02:44:03 | 000,021,504 | ---- | C] (Microsoft Corporation)
 shgina.dll -> C:\Windows\SysWow64\shgina.dll -> [2011/07/02 02:44:03 | 000,020,992 | ---- | C] (Microsoft Corporation)
 sscore.dll -> C:\Windows\SysWow64\sscore.dll -> [2011/07/02 02:44:03 | 000,009,728 | ---- | C] (Microsoft Corporation)
 riched32.dll -> C:\Windows\SysWow64\riched32.dll -> [2011/07/02 02:44:03 | 000,008,704 | ---- | C] (Microsoft Corporation)
 wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2011/07/02 02:44:02 | 000,361,984 | ---- | C] (Microsoft Corporation)
 USBCAMD2.sys -> C:\Windows\SysNative\drivers\USBCAMD2.sys -> [2011/07/02 02:44:02 | 000,032,896 | ---- | C] (Microsoft Corporation)
 wshirda.dll -> C:\Windows\SysNative\wshirda.dll -> [2011/07/02 02:44:02 | 000,013,824 | ---- | C] (Microsoft Corporation)
 wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2011/07/02 02:44:02 | 000,013,312 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysWow64\html.iec -> [2011/07/02 02:44:01 | 000,386,048 | ---- | C] (Microsoft Corporation)
 C_ISCII.DLL -> C:\Windows\SysNative\C_ISCII.DLL -> [2011/07/02 02:44:01 | 000,013,312 | ---- | C] (Microsoft Corporation)
 wshirda.dll -> C:\Windows\SysWow64\wshirda.dll -> [2011/07/02 02:44:01 | 000,011,264 | ---- | C] (Microsoft Corporation)
 riched32.dll -> C:\Windows\SysNative\riched32.dll -> [2011/07/02 02:44:01 | 000,010,752 | ---- | C] (Microsoft Corporation)
 rdpcfgex.dll -> C:\Windows\SysNative\rdpcfgex.dll -> [2011/07/02 02:44:01 | 000,010,240 | ---- | C] (Microsoft Corporation)
 spwmp.dll -> C:\Windows\SysNative\spwmp.dll -> [2011/07/02 02:44:01 | 000,009,728 | ---- | C] (Microsoft Corporation)
 spwmp.dll -> C:\Windows\SysWow64\spwmp.dll -> [2011/07/02 02:44:01 | 000,008,192 | ---- | C] (Microsoft Corporation)
 shunimpl.dll -> C:\Windows\SysNative\shunimpl.dll -> [2011/07/02 02:44:00 | 000,011,264 | ---- | C] (Microsoft Corporation)
 C_ISCII.DLL -> C:\Windows\SysWow64\C_ISCII.DLL -> [2011/07/02 02:44:00 | 000,011,264 | ---- | C] (Microsoft Corporation)
 shunimpl.dll -> C:\Windows\SysWow64\shunimpl.dll -> [2011/07/02 02:44:00 | 000,010,752 | ---- | C] (Microsoft Corporation)
 msdxm.ocx -> C:\Windows\SysNative\msdxm.ocx -> [2011/07/02 02:44:00 | 000,005,120 | ---- | C] (Microsoft Corporation)
 dxmasf.dll -> C:\Windows\SysNative\dxmasf.dll -> [2011/07/02 02:44:00 | 000,005,120 | ---- | C] (Microsoft Corporation)
 msdxm.ocx -> C:\Windows\SysWow64\msdxm.ocx -> [2011/07/02 02:44:00 | 000,004,096 | ---- | C] (Microsoft Corporation)
 dxmasf.dll -> C:\Windows\SysWow64\dxmasf.dll -> [2011/07/02 02:44:00 | 000,004,096 | ---- | C] (Microsoft Corporation)
 api-ms-win-core-ums-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-ums-l1-1-0.dll -> [2011/07/02 02:44:00 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 wmploc.DLL -> C:\Windows\SysNative\wmploc.DLL -> [2011/07/02 02:43:59 | 012,625,920 | ---- | C] (Microsoft Corporation)
 wmploc.DLL -> C:\Windows\SysWow64\wmploc.DLL -> [2011/07/02 02:43:59 | 012,625,408 | ---- | C] (Microsoft Corporation)
 KBDTUQ.DLL -> C:\Windows\SysNative\KBDTUQ.DLL -> [2011/07/02 02:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation)
 KBDTUF.DLL -> C:\Windows\SysNative\KBDTUF.DLL -> [2011/07/02 02:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation)
 KBDSG.DLL -> C:\Windows\SysNative\KBDSG.DLL -> [2011/07/02 02:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation)
 kbdlk41a.dll -> C:\Windows\SysNative\kbdlk41a.dll -> [2011/07/02 02:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation)
 KBDGKL.DLL -> C:\Windows\SysNative\KBDGKL.DLL -> [2011/07/02 02:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation)
 KBDCZ1.DLL -> C:\Windows\SysNative\KBDCZ1.DLL -> [2011/07/02 02:43:59 | 000,008,192 | ---- | C] (Microsoft Corporation)
 KBDTUQ.DLL -> C:\Windows\SysWow64\KBDTUQ.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDTUF.DLL -> C:\Windows\SysWow64\KBDTUF.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDSG.DLL -> C:\Windows\SysWow64\KBDSG.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDSF.DLL -> C:\Windows\SysNative\KBDSF.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDPO.DLL -> C:\Windows\SysNative\KBDPO.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDNEPR.DLL -> C:\Windows\SysNative\KBDNEPR.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 kbdlk41a.dll -> C:\Windows\SysWow64\kbdlk41a.dll -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDINTAM.DLL -> C:\Windows\SysNative\KBDINTAM.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDINBEN.DLL -> C:\Windows\SysNative\KBDINBEN.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDGR1.DLL -> C:\Windows\SysWow64\KBDGR1.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDGR1.DLL -> C:\Windows\SysNative\KBDGR1.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDGKL.DLL -> C:\Windows\SysWow64\KBDGKL.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDCZ1.DLL -> C:\Windows\SysWow64\KBDCZ1.DLL -> [2011/07/02 02:43:59 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDINHIN.DLL -> C:\Windows\SysWow64\KBDINHIN.DLL -> [2011/07/02 02:43:59 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDUS.DLL -> C:\Windows\SysWow64\KBDUS.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDTURME.DLL -> C:\Windows\SysWow64\KBDTURME.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDTAJIK.DLL -> C:\Windows\SysWow64\KBDTAJIK.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDMON.DLL -> C:\Windows\SysWow64\KBDMON.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDINTEL.DLL -> C:\Windows\SysWow64\KBDINTEL.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDGEO.DLL -> C:\Windows\SysWow64\KBDGEO.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDGEO.DLL -> C:\Windows\SysNative\KBDGEO.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDBLR.DLL -> C:\Windows\SysWow64\KBDBLR.DLL -> [2011/07/02 02:43:59 | 000,006,656 | ---- | C] (Microsoft Corporation)
 nlsbres.dll -> C:\Windows\SysWow64\nlsbres.dll -> [2011/07/02 02:43:58 | 000,069,120 | ---- | C] (Microsoft Corporation)
 nlsbres.dll -> C:\Windows\SysNative\nlsbres.dll -> [2011/07/02 02:43:58 | 000,069,120 | ---- | C] (Microsoft Corporation)
 BlbEvents.dll -> C:\Windows\SysNative\BlbEvents.dll -> [2011/07/02 02:43:58 | 000,052,736 | ---- | C] (Microsoft Corporation)
 pifmgr.dll -> C:\Windows\SysWow64\pifmgr.dll -> [2011/07/02 02:43:58 | 000,035,328 | ---- | C] (Microsoft Corporation)
 pifmgr.dll -> C:\Windows\SysNative\pifmgr.dll -> [2011/07/02 02:43:58 | 000,035,328 | ---- | C] (Microsoft Corporation)
 spwizres.dll -> C:\Windows\SysWow64\spwizres.dll -> [2011/07/02 02:43:58 | 000,007,680 | ---- | C] (Microsoft Corporation)
 spwizres.dll -> C:\Windows\SysNative\spwizres.dll -> [2011/07/02 02:43:58 | 000,007,680 | ---- | C] (Microsoft Corporation)
 KBDUS.DLL -> C:\Windows\SysNative\KBDUS.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDUGHR1.DLL -> C:\Windows\SysNative\KBDUGHR1.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDTURME.DLL -> C:\Windows\SysNative\KBDTURME.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDTAJIK.DLL -> C:\Windows\SysNative\KBDTAJIK.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDSF.DLL -> C:\Windows\SysWow64\KBDSF.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDPO.DLL -> C:\Windows\SysWow64\KBDPO.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDNEPR.DLL -> C:\Windows\SysWow64\KBDNEPR.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDMON.DLL -> C:\Windows\SysNative\KBDMON.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDMAORI.DLL -> C:\Windows\SysNative\KBDMAORI.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDLT1.DLL -> C:\Windows\SysNative\KBDLT1.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINTEL.DLL -> C:\Windows\SysNative\KBDINTEL.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINTAM.DLL -> C:\Windows\SysWow64\KBDINTAM.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINORI.DLL -> C:\Windows\SysWow64\KBDINORI.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINORI.DLL -> C:\Windows\SysNative\KBDINORI.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINMAR.DLL -> C:\Windows\SysWow64\KBDINMAR.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINMAR.DLL -> C:\Windows\SysNative\KBDINMAR.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINKAN.DLL -> C:\Windows\SysWow64\KBDINKAN.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINKAN.DLL -> C:\Windows\SysNative\KBDINKAN.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINHIN.DLL -> C:\Windows\SysNative\KBDINHIN.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDINBEN.DLL -> C:\Windows\SysWow64\KBDINBEN.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDBULG.DLL -> C:\Windows\SysNative\KBDBULG.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDBLR.DLL -> C:\Windows\SysNative\KBDBLR.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDBASH.DLL -> C:\Windows\SysNative\KBDBASH.DLL -> [2011/07/02 02:43:58 | 000,007,168 | ---- | C] (Microsoft Corporation)
 KBDUGHR1.DLL -> C:\Windows\SysWow64\KBDUGHR1.DLL -> [2011/07/02 02:43:58 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDMAORI.DLL -> C:\Windows\SysWow64\KBDMAORI.DLL -> [2011/07/02 02:43:58 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDLT1.DLL -> C:\Windows\SysWow64\KBDLT1.DLL -> [2011/07/02 02:43:58 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDBULG.DLL -> C:\Windows\SysWow64\KBDBULG.DLL -> [2011/07/02 02:43:58 | 000,006,656 | ---- | C] (Microsoft Corporation)
 KBDBASH.DLL -> C:\Windows\SysWow64\KBDBASH.DLL -> [2011/07/02 02:43:58 | 000,006,656 | ---- | C] (Microsoft Corporation)
 dpnaddr.dll -> C:\Windows\SysNative\dpnaddr.dll -> [2011/07/02 02:43:58 | 000,003,072 | ---- | C] (Microsoft Corporation)
 dpnaddr.dll -> C:\Windows\SysWow64\dpnaddr.dll -> [2011/07/02 02:43:58 | 000,002,560 | ---- | C] (Microsoft Corporation)
 PkgMgr.exe -> C:\Windows\SysWow64\PkgMgr.exe -> [2011/07/02 02:43:49 | 000,209,920 | ---- | C] (Microsoft Corporation)
 wdscore.dll -> C:\Windows\SysWow64\wdscore.dll -> [2011/07/02 02:43:49 | 000,189,952 | ---- | C] (Microsoft Corporation)
 drvstore.dll -> C:\Windows\SysWow64\drvstore.dll -> [2011/07/02 02:43:43 | 000,323,072 | ---- | C] (Microsoft Corporation)
 dpx.dll -> C:\Windows\SysWow64\dpx.dll -> [2011/07/02 02:43:43 | 000,257,024 | ---- | C] (Microsoft Corporation)
 wbemcomn.dll -> C:\Windows\SysNative\wbemcomn.dll -> [2011/07/02 02:42:54 | 000,529,408 | ---- | C] (Microsoft Corporation)
 wmicmiplugin.dll -> C:\Windows\SysNative\wmicmiplugin.dll -> [2011/07/02 02:42:54 | 000,524,288 | ---- | C] (Microsoft Corporation)
 SmiEngine.dll -> C:\Windows\SysNative\SmiEngine.dll -> [2011/07/02 02:42:49 | 000,933,376 | ---- | C] (Microsoft Corporation)
 PkgMgr.exe -> C:\Windows\SysNative\PkgMgr.exe -> [2011/07/02 02:42:46 | 000,199,168 | ---- | C] (Microsoft Corporation)
 drvstore.dll -> C:\Windows\SysNative\drvstore.dll -> [2011/07/02 02:42:33 | 000,422,912 | ---- | C] (Microsoft Corporation)
 dpx.dll -> C:\Windows\SysNative\dpx.dll -> [2011/07/02 02:42:33 | 000,399,872 | ---- | C] (Microsoft Corporation)
 Google Chrome -> C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome -> [2011/07/01 23:19:26 | 000,000,000 | ---D | C]
 Deployment -> C:\Users\Cathy\AppData\Local\Deployment -> [2011/06/30 22:00:53 | 000,000,000 | ---D | C]
 Apps -> C:\Users\Cathy\AppData\Local\Apps -> [2011/06/30 22:00:53 | 000,000,000 | ---D | C]
 en -> C:\Windows\en -> [2011/06/30 18:23:52 | 000,000,000 | ---D | C]
 Windows Live -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live -> [2011/06/30 18:23:42 | 000,000,000 | R--D | C]
 Windows Live -> C:\Program Files\Windows Live -> [2011/06/30 18:22:26 | 000,000,000 | ---D | C]
 XAudio2_5.dll -> C:\Windows\SysWow64\XAudio2_5.dll -> [2011/06/30 18:21:11 | 000,515,416 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\SysWow64\XAPOFX1_3.dll -> [2011/06/30 18:21:11 | 000,069,464 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysNative\d3dx10_42.dll -> [2011/06/30 18:21:09 | 000,523,088 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysWow64\d3dx10_42.dll -> [2011/06/30 18:21:09 | 000,453,456 | ---- | C] (Microsoft Corporation)
 Windows Live -> C:\Users\Cathy\AppData\Local\Windows Live -> [2011/06/30 18:20:06 | 000,000,000 | ---D | C]
 aswBoot.exe -> C:\Windows\SysNative\aswBoot.exe -> [2011/06/29 19:50:59 | 000,253,888 | ---- | C] (AVAST Software)
 AVAST Software -> C:\ProgramData\AVAST Software -> [2011/06/29 19:50:34 | 000,000,000 | ---D | C]
 AVAST Software -> C:\Program Files\AVAST Software -> [2011/06/29 19:50:34 | 000,000,000 | ---D | C]
 drvinst.exe -> C:\Windows\SysWow64\drvinst.exe -> [2011/06/29 19:14:35 | 000,252,928 | ---- | C] (Microsoft Corporation)
 cfgmgr32.dll -> C:\Windows\SysNative\cfgmgr32.dll -> [2011/06/29 19:14:35 | 000,207,872 | ---- | C] (Microsoft Corporation)
 devrtl.dll -> C:\Windows\SysWow64\devrtl.dll -> [2011/06/29 19:14:35 | 000,044,544 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysNative\tquery.dll -> [2011/06/29 19:14:29 | 002,315,776 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysNative\mssrch.dll -> [2011/06/29 19:14:29 | 002,223,616 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysWow64\tquery.dll -> [2011/06/29 19:14:29 | 001,549,312 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysWow64\mssrch.dll -> [2011/06/29 19:14:29 | 001,401,344 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysNative\mssvp.dll -> [2011/06/29 19:14:28 | 000,778,752 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysWow64\mssvp.dll -> [2011/06/29 19:14:28 | 000,666,624 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysNative\mssph.dll -> [2011/06/29 19:14:28 | 000,491,520 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysWow64\mssph.dll -> [2011/06/29 19:14:28 | 000,337,408 | ---- | C] (Microsoft Corporation)
 mssphtb.dll -> C:\Windows\SysNative\mssphtb.dll -> [2011/06/29 19:14:28 | 000,288,256 | ---- | C] (Microsoft Corporation)
 SearchProtocolHost.exe -> C:\Windows\SysNative\SearchProtocolHost.exe -> [2011/06/29 19:14:28 | 000,249,856 | ---- | C] (Microsoft Corporation)
 mssphtb.dll -> C:\Windows\SysWow64\mssphtb.dll -> [2011/06/29 19:14:28 | 000,197,120 | ---- | C] (Microsoft Corporation)
 SearchFilterHost.exe -> C:\Windows\SysNative\SearchFilterHost.exe -> [2011/06/29 19:14:28 | 000,113,664 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysNative\msscntrs.dll -> [2011/06/29 19:14:28 | 000,075,264 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysWow64\msscntrs.dll -> [2011/06/29 19:14:27 | 000,059,392 | ---- | C] (Microsoft Corporation)
 48f0b1d1bef8a61d3a -> C:\48f0b1d1bef8a61d3a -> [2011/06/29 18:43:01 | 000,000,000 | ---D | C]
 FWPKCLNT.SYS -> C:\Windows\SysNative\drivers\FWPKCLNT.SYS -> [2011/06/16 19:58:26 | 000,288,640 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2011/06/16 19:58:02 | 000,702,464 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2011/06/16 19:58:02 | 000,599,552 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2011/06/16 19:57:59 | 000,247,808 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2011/06/16 19:57:59 | 000,176,640 | ---- | C] (Microsoft Corporation)
 d3d10_1core.dll -> C:\Windows\SysNative\d3d10_1core.dll -> [2011/06/16 19:57:19 | 000,321,024 | ---- | C] (Microsoft Corporation)
 d3d10_1core.dll -> C:\Windows\SysWow64\d3d10_1core.dll -> [2011/06/16 19:57:19 | 000,219,136 | ---- | C] (Microsoft Corporation)
 d3d10_1.dll -> C:\Windows\SysNative\d3d10_1.dll -> [2011/06/16 19:57:19 | 000,197,120 | ---- | C] (Microsoft Corporation)
 d3d10_1.dll -> C:\Windows\SysWow64\d3d10_1.dll -> [2011/06/16 19:57:19 | 000,161,792 | ---- | C] (Microsoft Corporation)
 oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2011/06/16 19:57:10 | 000,861,696 | ---- | C] (Microsoft Corporation)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/06/15 22:09:34 | 000,404,640 | ---- | C] (Adobe Systems Incorporated)
 Midnight Synergy -> C:\Users\Cathy\AppData\Local\Midnight Synergy -> [2011/06/13 22:44:33 | 000,000,000 | -H-D | C]
 Big Fish Games -> C:\ProgramData\Big Fish Games -> [2011/06/13 22:42:57 | 000,000,000 | ---D | C]
 dleainpa.dll -> C:\Windows\SysWow64\dleainpa.dll -> [2010/07/25 16:51:56 | 000,364,544 | ---- | C] ( )
 dleaiesc.dll -> C:\Windows\SysWow64\dleaiesc.dll -> [2010/07/25 16:51:56 | 000,344,064 | ---- | C] ( )
 dleapmui.dll -> C:\Windows\SysWow64\dleapmui.dll -> [2010/07/25 16:51:55 | 000,643,072 | ---- | C] ( )
 dleausb1.dll -> C:\Windows\SysWow64\dleausb1.dll -> [2010/07/25 16:51:54 | 000,847,872 | ---- | C] ( )
 dleaserv.dll -> C:\Windows\SysWow64\dleaserv.dll -> [2010/07/25 16:51:53 | 001,048,576 | ---- | C] ( )
 dlealmpm.dll -> C:\Windows\SysWow64\dlealmpm.dll -> [2010/07/25 16:51:52 | 000,577,536 | ---- | C] ( )
 dleaih.exe -> C:\Windows\SysWow64\dleaih.exe -> [2010/07/25 16:51:52 | 000,324,264 | ---- | C] ( )
 dleahbn3.dll -> C:\Windows\SysWow64\dleahbn3.dll -> [2010/07/25 16:51:51 | 000,688,128 | ---- | C] ( )
 dleacoms.exe -> C:\Windows\SysWow64\dleacoms.exe -> [2010/07/25 16:51:51 | 000,598,696 | ---- | C] ( )
 dleacomc.dll -> C:\Windows\SysWow64\dleacomc.dll -> [2010/07/25 16:51:50 | 000,802,816 | ---- | C] ( )
 dleacfg.exe -> C:\Windows\SysWow64\dleacfg.exe -> [2010/07/25 16:51:50 | 000,373,416 | ---- | C] ( )
 dleacomm.dll -> C:\Windows\SysWow64\dleacomm.dll -> [2010/07/25 16:51:50 | 000,372,736 | ---- | C] ( )
 4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
 4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Users\Cathy\Desktop\OTS.exe -> [2011/07/09 20:57:24 | 000,645,120 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000UA.job -> [2011/07/09 20:23:01 | 000,000,908 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/07/09 20:16:15 | 000,000,896 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/07/09 15:16:01 | 000,000,892 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/09 14:33:52 | 000,014,240 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/07/09 14:33:52 | 000,014,240 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/07/09 14:29:16 | 000,726,316 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/07/09 14:29:16 | 000,624,178 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/07/09 14:29:16 | 000,106,522 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/07/09 14:24:40 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/07/09 14:24:31 | 505,696,255 | -HS- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000Core.job -> [2011/07/08 23:23:01 | 000,000,856 | ---- | M] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/07/07 21:50:35 | 000,001,810 | ---- | M] ()
 config.nt -> C:\Windows\SysWow64\config.nt -> [2011/07/07 21:41:13 | 000,000,000 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2011/07/06 21:54:59 | 000,000,021 | RHS- | M] ()
 cComboFix.exe -> C:\Users\Cathy\Desktop\cComboFix.exe -> [2011/07/05 21:08:21 | 004,131,692 | R--- | M] (Swearware)
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/07/05 20:35:06 | 1398,852,491 | ---- | M] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2011/07/04 11:20:21 | 000,000,000 | ---- | M] ()
 Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2011/07/04 11:20:17 | 000,001,100 | ---- | M] ()
 MGlogs.zip -> C:\MGlogs.zip -> [2011/07/04 11:11:17 | 000,131,887 | ---- | M] ()
 avastSS.scr -> C:\Windows\avastSS.scr -> [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software)
 aswBoot.exe -> C:\Windows\SysNative\aswBoot.exe -> [2011/07/04 07:43:42 | 000,253,888 | ---- | M] (AVAST Software)
 aswSnx.sys -> C:\Windows\SysNative\drivers\aswSnx.sys -> [2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software)
 aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software)
 aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software)
 aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software)
 aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software)
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/07/04 03:03:24 | 000,389,096 | ---- | M] ()
 resmon.resmoncfg -> C:\Users\Cathy\AppData\Local\resmon.resmoncfg -> [2011/07/03 22:48:38 | 000,000,017 | ---- | M] ()
 msclmd.dll -> C:\Windows\SysNative\msclmd.dll -> [2011/07/03 19:34:37 | 000,175,616 | ---- | M] (Microsoft Corporation)
 msclmd.dll -> C:\Windows\SysWow64\msclmd.dll -> [2011/07/03 19:34:37 | 000,152,576 | ---- | M] (Microsoft Corporation)
 hosts.trb -> C:\Windows\SysNative\drivers\etc\hosts.trb -> [2011/07/03 18:47:32 | 000,000,027 | ---- | M] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/07/03 12:50:45 | 000,001,945 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/07/02 23:32:51 | 000,743,534 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\Cathy\Desktop\Google Chrome.lnk -> [2011/07/01 23:19:30 | 000,002,318 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Users\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2011/06/30 18:33:34 | 000,001,403 | ---- | M] ()
 ~39575288 -> C:\ProgramData\~39575288 -> [2011/06/29 12:30:49 | 000,000,040 | -H-- | M] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/06/26 02:45:56 | 000,256,000 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2011/06/15 22:09:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)
 More Great Games.lnk -> C:\Users\Public\Desktop\More Great Games.lnk -> [2011/06/13 22:44:17 | 000,001,326 | ---- | M] ()
 Game Manager.lnk -> C:\Users\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk -> [2011/06/13 22:42:52 | 000,001,724 | ---- | M] ()
 Game Manager.lnk -> C:\Users\Public\Desktop\Game Manager.lnk -> [2011/06/13 22:42:52 | 000,001,700 | ---- | M] ()
 4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
 4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
 
[Files - No Company Name]
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/07/07 21:50:35 | 000,001,810 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2011/07/05 21:11:26 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2011/07/05 21:11:26 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2011/07/05 21:11:26 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2011/07/05 21:11:26 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2011/07/05 21:11:26 | 000,068,096 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2011/07/04 11:20:21 | 000,000,000 | ---- | C] ()
 Mozilla Firefox.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> [2011/07/04 11:20:17 | 000,001,112 | ---- | C] ()
 Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2011/07/04 11:20:17 | 000,001,100 | ---- | C] ()
 MGlogs.zip -> C:\MGlogs.zip -> [2011/07/04 10:56:07 | 000,131,887 | ---- | C] ()
 resmon.resmoncfg -> C:\Users\Cathy\AppData\Local\resmon.resmoncfg -> [2011/07/03 22:48:38 | 000,000,017 | ---- | C] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/07/02 23:33:05 | 000,001,945 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/07/02 23:32:51 | 000,743,534 | ---- | C] ()
 systemsf.ebd -> C:\Windows\SysNative\systemsf.ebd -> [2011/07/02 02:45:23 | 000,347,904 | ---- | C] ()
 ScavengeSpace.xml -> C:\Windows\SysNative\ScavengeSpace.xml -> [2011/07/02 02:44:10 | 000,010,429 | ---- | C] ()
 RacRules.xml -> C:\Windows\SysWow64\RacRules.xml -> [2011/07/02 02:43:57 | 000,105,559 | ---- | C] ()
 RacRules.xml -> C:\Windows\SysNative\RacRules.xml -> [2011/07/02 02:43:57 | 000,105,559 | ---- | C] ()
 tcpbidi.xml -> C:\Windows\SysWow64\tcpbidi.xml -> [2011/07/02 02:43:48 | 000,001,041 | ---- | C] ()
 Google Chrome.lnk -> C:\Users\Cathy\Desktop\Google Chrome.lnk -> [2011/07/01 23:19:30 | 000,002,318 | ---- | C] ()
 GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000UA.job -> [2011/07/01 23:18:57 | 000,000,908 | ---- | C] ()
 GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1004034769-3964568363-3058316472-1000Core.job -> [2011/07/01 23:18:57 | 000,000,856 | ---- | C] ()
 Windows Live Movie Maker.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> [2011/06/30 18:23:40 | 000,001,267 | ---- | C] ()
 Windows Live Photo Gallery.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> [2011/06/30 18:23:27 | 000,001,336 | ---- | C] ()
 Windows Live Mail.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> [2011/06/30 18:23:13 | 000,001,420 | ---- | C] ()
 Windows Live Messenger.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> [2011/06/30 18:22:59 | 000,002,448 | ---- | C] ()
 config.nt -> C:\Windows\SysWow64\config.nt -> [2011/06/29 19:50:59 | 000,000,000 | ---- | C] ()
 ~39575288 -> C:\ProgramData\~39575288 -> [2011/06/29 12:30:48 | 000,000,040 | -H-- | C] ()
 More Great Games.lnk -> C:\Users\Public\Desktop\More Great Games.lnk -> [2011/06/13 22:44:17 | 000,001,326 | ---- | C] ()
 Game Manager.lnk -> C:\Users\Public\Desktop\Game Manager.lnk -> [2011/06/13 22:42:52 | 000,001,700 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Cathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/12/15 04:45:30 | 000,004,608 | ---- | C] ()
 popcinfo.dat -> C:\Windows\popcinfo.dat -> [2010/08/13 16:40:52 | 000,000,016 | ---- | C] ()
 ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2010/08/01 15:09:08 | 000,000,048 | -H-- | C] ()
 dleacomx.dll -> C:\Windows\SysWow64\dleacomx.dll -> [2010/07/25 16:51:57 | 000,344,064 | ---- | C] ()
 DLEAinst.dll -> C:\Windows\SysWow64\DLEAinst.dll -> [2010/07/25 16:51:57 | 000,331,776 | ---- | C] ()
 dleainsr.dll -> C:\Windows\SysWow64\dleainsr.dll -> [2010/07/25 16:51:56 | 000,106,496 | ---- | C] ()
 dleajswr.dll -> C:\Windows\SysWow64\dleajswr.dll -> [2010/07/25 16:51:56 | 000,057,344 | ---- | C] ()
 dleainsb.dll -> C:\Windows\SysWow64\dleainsb.dll -> [2010/07/25 16:51:55 | 000,262,144 | ---- | C] ()
 dleacur.dll -> C:\Windows\SysWow64\dleacur.dll -> [2010/07/25 16:51:55 | 000,036,864 | ---- | C] ()
 dleains.dll -> C:\Windows\SysWow64\dleains.dll -> [2010/07/25 16:51:54 | 000,323,584 | ---- | C] ()
 dleacu.dll -> C:\Windows\SysWow64\dleacu.dll -> [2010/07/25 16:51:54 | 000,253,952 | ---- | C] ()
 dleacub.dll -> C:\Windows\SysWow64\dleacub.dll -> [2010/07/25 16:51:54 | 000,090,112 | ---- | C] ()
 DLEAcfg.dll -> C:\Windows\SysWow64\DLEAcfg.dll -> [2010/07/25 16:51:49 | 000,086,180 | ---- | C] ()
 DLEAsm.dll -> C:\Windows\SysWow64\DLEAsm.dll -> [2010/07/25 16:50:23 | 000,299,008 | ---- | C] ()
 DLEAsmr.dll -> C:\Windows\SysWow64\DLEAsmr.dll -> [2010/07/25 16:50:23 | 000,028,672 | ---- | C] ()
 CT4CET.bin -> C:\Windows\CT4CET.bin -> [2010/07/17 18:27:26 | 000,000,075 | RHS- | C] ()
 igkrng500.bin -> C:\Windows\SysWow64\igkrng500.bin -> [2010/05/31 04:40:17 | 000,982,220 | ---- | C] ()
 igfcg500.bin -> C:\Windows\SysWow64\igfcg500.bin -> [2010/05/31 04:40:15 | 000,134,592 | ---- | C] ()
 igfcg500m.bin -> C:\Windows\SysWow64\igfcg500m.bin -> [2010/05/31 04:40:15 | 000,092,216 | ---- | C] ()
 igcompkrng500.bin -> C:\Windows\SysWow64\igcompkrng500.bin -> [2010/05/31 04:40:11 | 000,439,300 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 01:38:36 | 000,067,584 | --S- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 22:35:51 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 22:34:42 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 20:10:29 | 000,043,131 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] ()
 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 17:26:10 | 000,673,088 | ---- | C] ()
 missouri.dll -> C:\Windows\SysWow64\missouri.dll -> [2006/11/02 10:12:52 | 000,217,088 | ---- | C] ()
 
[File - Lop Check]
 FixCleaner -> C:\Users\Cathy\AppData\Roaming\FixCleaner -> [2011/07/03 19:16:57 | 000,000,000 | ---D | M]
 FreeFixer -> C:\Users\Cathy\AppData\Roaming\FreeFixer -> [2011/07/04 13:15:12 | 000,000,000 | ---D | M]
 Oberon Media -> C:\Users\Cathy\AppData\Roaming\Oberon Media -> [2011/06/29 19:04:13 | 000,000,000 | ---D | M]
 Playrix Entertainment -> C:\Users\Cathy\AppData\Roaming\Playrix Entertainment -> [2011/01/16 19:46:40 | 000,000,000 | -H-D | M]
 ToolkitCMA -> C:\Users\Cathy\AppData\Roaming\ToolkitCMA -> [2011/06/29 19:04:14 | 000,000,000 | ---D | M]
 Windows Live Writer -> C:\Users\Cathy\AppData\Roaming\Windows Live Writer -> [2011/07/02 15:39:58 | 000,000,000 | ---D | M]
 Xerox -> C:\Users\Cathy\AppData\Roaming\Xerox -> [2011/06/29 19:04:14 | 000,000,000 | ---D | M]
 Xerox -> C:\Users\Tim\AppData\Roaming\Xerox -> [2011/07/06 19:07:43 | 000,000,000 | ---D | M]
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/07/03 13:58:36 | 000,032,654 | ---- | M] ()
[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< MD5 Scans Start>
< %systemdrive%\EXPLORER.EXE  /md5 /s >
 explorer.exe : MD5=00B0358734CAA32C39D181FE6916B178 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe -> [2010/07/17 20:52:08 | 002,613,248 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=0862495E0C825893DB75EF44FAEA8E93 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe -> [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=0FB9C74046656D1579A64660AD67B746 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe -> [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=15BC38A7492BEFE831966ADB477CF76F -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe -> [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=255CF508D7CFB10E0794D6AC93280BD8 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe -> [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=2626FC9755BE22F805D3CFA0CE3EE727 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe -> [2010/07/17 20:52:21 | 002,614,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe -> [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=332FEAB1435662FC6C672E25BEB37BE3 -> C:\Windows\ERDNT\cache86\explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=332FEAB1435662FC6C672E25BEB37BE3 -> C:\Windows\explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=332FEAB1435662FC6C672E25BEB37BE3 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe -> [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=3B69712041F3D63605529BD66DC00C48 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe -> [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=40D777B7A95E00593EB1568C68514493 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe -> [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=6D4F9E4B640B413C6F73414327484C80 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe -> [2010/07/17 20:52:08 | 002,868,736 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=700073016DAC1C3D2E7E2CE4223334B6 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe -> [2010/07/17 20:52:13 | 002,868,224 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\SysWOW64\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=9AAAEC8DAC27AA17B053E6352AD233AE -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe -> [2010/07/17 20:52:21 | 002,870,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=9FF6C4C91A3711C0A3B18F87B08B518D -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe -> [2010/07/17 20:52:13 | 002,613,248 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=AC4C51EB24AA95B77F705AB159189E24 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe -> [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=B8EC4BD49CE8F6FC457721BFC210B67F -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe -> [2010/07/17 20:52:21 | 002,870,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe -> [2010/07/17 20:52:13 | 002,613,248 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe -> [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=C76153C7ECA00FA852BB0C193378F917 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe -> [2010/07/17 20:52:21 | 002,614,272 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=CA17F8620815267DC838E30B68CB5052 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe -> [2010/07/17 20:52:08 | 002,868,736 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=E38899074D4951D31B4040E994DD7C8D -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe -> [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=F170B4A061C9E026437B193B4D571799 -> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe -> [2010/07/17 20:52:13 | 002,868,224 | ---- | M] (Microsoft Corporation)
 explorer.exe : MD5=FC89FACA0473641CB625EDA9277D0885 -> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe -> [2010/07/17 20:52:08 | 002,613,248 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SVCHOST.EXE  /md5 /s >
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\ERDNT\cache86\svchost.exe -> [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\SysWOW64\svchost.exe -> [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe -> [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\ERDNT\cache64\svchost.exe -> [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\SysNative\svchost.exe -> [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe -> [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
< %systemdrive%\USERINIT.EXE  /md5 /s >
 userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\ERDNT\cache86\userinit.exe -> [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe -> [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe -> [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=6F8F1376A13114CC10C0E69274F5A4DE -> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe -> [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -> C:\Windows\ERDNT\cache64\userinit.exe -> [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
 userinit.exe : MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe -> [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
< %systemdrive%\VOLSNAP.INF  /md5 /s >
 volsnap.inf : MD5=593691C1DC069091778C2FD849031976 -> C:\Windows\inf\volsnap.inf -> [2009/07/14 01:31:48 | 000,001,686 | ---- | M] ()
 volsnap.inf : MD5=593691C1DC069091778C2FD849031976 -> C:\Windows\SysNative\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.inf -> [2009/07/13 16:17:30 | 000,001,686 | ---- | M] ()
 volsnap.inf : MD5=593691C1DC069091778C2FD849031976 -> C:\Windows\winsxs\amd64_volsnap.inf_31bf3856ad364e35_6.1.7600.16385_none_c994a0d049937743\volsnap.inf -> [2009/07/13 16:17:30 | 000,001,686 | ---- | M] ()
< %systemdrive%\VOLSNAP.INF_LOC  /md5 /s >
 volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\SysNative\DriverStore\en-US\volsnap.inf_loc -> [2009/07/13 22:28:02 | 000,000,198 | ---- | M] ()
 volsnap.inf_loc : MD5=F040058B592FE682204B2FC15DDEAC0D -> C:\Windows\winsxs\amd64_volsnap.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6f581c9c9aef0771\volsnap.inf_loc -> [2009/07/13 22:28:02 | 000,000,198 | ---- | M] ()
< %systemdrive%\VOLSNAP.PNF  /md5 /s >
 volsnap.PNF : MD5=54353746A0A6B4B9AC86EB7C43F16D0F -> C:\Windows\inf\volsnap.PNF -> [2010/07/17 18:20:08 | 000,005,120 | ---- | M] ()
 volsnap.PNF : MD5=EAD92392723316801433419E3B0F4B32 -> C:\Windows\SysNative\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF -> [2010/07/17 18:20:07 | 000,005,120 | ---- | M] ()
< %systemdrive%\VOLSNAP.SYS  /md5 /s >
 volsnap.sys : MD5=0D08D2F3B3FF84E433346669B5E0F639 -> C:\Windows\SysNative\drivers\volsnap.sys -> [2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=0D08D2F3B3FF84E433346669B5E0F639 -> C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys -> [2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=0D08D2F3B3FF84E433346669B5E0F639 -> C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys -> [2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation)
 volsnap.sys : MD5=58F82EED8CA24B461441F9C3E4F0BF5C -> C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys -> [2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation)
< %systemdrive%\VOLSNAP.SYS.MUI  /md5 /s >
 volsnap.sys.mui : MD5=308E04CFA8407B0C7099C9D40BC19023 -> C:\Windows\SysNative\drivers\en-US\volsnap.sys.mui -> [2009/07/13 22:28:14 | 000,023,552 | ---- | M] (Microsoft Corporation)
 volsnap.sys.mui : MD5=308E04CFA8407B0C7099C9D40BC19023 -> C:\Windows\winsxs\amd64_volume.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d71b3bdfd9a663dc\volsnap.sys.mui -> [2009/07/13 22:28:14 | 000,023,552 | ---- | M] (Microsoft Corporation)
< %systemdrive%\WINLOGON.EXE  /md5 /s >
 winlogon.exe : MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -> C:\Windows\ERDNT\cache64\winlogon.exe -> [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -> C:\Windows\SysNative\winlogon.exe -> [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe -> [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=132328DF455B0028F13BF0ABEE51A63A -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe -> [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=A93D41A4D4B0D91C072D11DD8AF266DE -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe -> [2010/07/17 20:52:21 | 000,389,632 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=DA3E2A6FA9660CC75B471530CE88453A -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe -> [2010/07/17 20:52:21 | 000,389,632 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\SysWow64\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\SysWow64\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\SysWow64\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"] -> [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\SysNative\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\SysNative\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\SysNative\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"] -> [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTS Restore Point
 
[Alternate Data Streams]
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:38C4D9C2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:813B8EB6
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

Jacee · Jul 10, 2011

@ trie66, First... update Java. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6u26 allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version.

Next, I'd like you to reset your router and change your password using a "strong" password. Change Passwords | Create Strong Passwords | Microsoft Security

Please let me know if you're still being redirected.

trie66 · Jul 10, 2011

OTS Log

Removed, rebooted, and updated Java. Changed modem password.
Unfortunately, still getting redirected.

I ran the OTS this time while disconnected and have attached the log.

thank you

Browser search links hijacked

New member

My Computer

New member

My Computer

000

My Computer

Consumer Security

My Computer

New member

My Computer

Consumer Security

My Computer

New member

Attachments

My Computer

Consumer Security

My Computer

New member

My Computer

Consumer Security

My Computer

New member

My Computer

Consumer Security

My Computer

Consumer Security

My Computer

New member

My Computer

Consumer Security

My Computer

New member

Attachments

My Computer

Consumer Security

My Computer

New member

My Computer

Consumer Security

My Computer

New member

Attachments

My Computer

Similar threads