Jump to content

ArieS

Honorary Members
  • Posts

    24
  • Joined

  • Last visited

Everything posted by ArieS

  1. And one thing for sure, I won't reinstall Google Chrome. After reading around it seems a lot of Malwares come from Chrome...
  2. ali, I tried a few times to run the fix in OTL and everytime it says Windows has encountered an error. Each time I reboot it's the same. So I decided I'm just gonna format and reinstall Windows. Plus my roommates put a bunch of junk on my PC so... It should take care of everything, right? Thanks a lot for the time you invested trying to help me.
  3. When I zip them it says they are corrupted so I'm not sure you can use them but here they are: detected.zip report.zip
  4. And here's what's in the Report folder: Uploaded with ImageShack.us
  5. This is what I have in the directory and the result pic of the scan... Uploaded with ImageShack.us
  6. Hello ali, I did the full scan, went to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot but I don't see a Htmlreport folder.
  7. OTL logfile created on: 8/17/2012 12:33:37 PM - Run 4 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\ArieS\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.51 Gb Available Physical Memory | 81.55% Memory free 15.97 Gb Paging File | 14.28 Gb Available in Paging File | 89.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.24 Gb Total Space | 57.46 Gb Free Space | 48.19% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 75.09 Gb Free Space | 8.06% Space Free | Partition Type: NTFS Drive G: | 1863.01 Gb Total Space | 35.39 Gb Free Space | 1.90% Space Free | Partition Type: NTFS Drive I: | 1863.01 Gb Total Space | 82.31 Gb Free Space | 4.42% Space Free | Partition Type: NTFS Drive K: | 1863.01 Gb Total Space | 107.67 Gb Free Space | 5.78% Space Free | Partition Type: NTFS Drive L: | 1863.01 Gb Total Space | 2.33 Gb Free Space | 0.13% Space Free | Partition Type: NTFS Drive M: | 1863.01 Gb Total Space | 102.17 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Drive N: | 2794.39 Gb Total Space | 1.67 Gb Free Space | 0.06% Space Free | Partition Type: NTFS Drive O: | 2794.39 Gb Total Space | 87.67 Gb Free Space | 3.14% Space Free | Partition Type: NTFS Drive P: | 2794.39 Gb Total Space | 153.23 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Computer Name: ARIES-PC | User Name: ArieS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe PRC - [2012/07/30 09:14:34 | 006,241,952 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/25 07:29:02 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012/07/20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2012/07/15 02:03:34 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/01/09 01:18:40 | 000,208,896 | ---- | M] (Kindel Systems) -- C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe PRC - [2011/11/28 11:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2009/12/21 09:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 12:31:44 | 001,169,408 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\wx._core_.pyd MOD - [2012/08/17 12:31:44 | 001,056,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\wx._controls_.pyd MOD - [2012/08/17 12:31:44 | 001,018,368 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\windows._cacheinvalidation.pyd MOD - [2012/08/17 12:31:44 | 000,807,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\wx._windows_.pyd MOD - [2012/08/17 12:31:44 | 000,792,576 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\wx._gdi_.pyd MOD - [2012/08/17 12:31:44 | 000,731,136 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\wx._misc_.pyd MOD - [2012/08/17 12:31:44 | 000,645,120 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\_ssl.pyd MOD - [2012/08/17 12:31:44 | 000,585,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\unicodedata.pyd MOD - [2012/08/17 12:31:44 | 000,571,392 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\pysqlite2._sqlite.pyd MOD - [2012/08/17 12:31:44 | 000,354,304 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\pythoncom26.dll MOD - [2012/08/17 12:31:44 | 000,311,808 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\_hashlib.pyd MOD - [2012/08/17 12:31:44 | 000,263,168 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32com.shell.shell.pyd MOD - [2012/08/17 12:31:44 | 000,153,088 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\pyexpat.pyd MOD - [2012/08/17 12:31:44 | 000,121,856 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\wx._wizard.pyd MOD - [2012/08/17 12:31:44 | 000,111,104 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32file.pyd MOD - [2012/08/17 12:31:44 | 000,110,592 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\PyWinTypes26.dll MOD - [2012/08/17 12:31:44 | 000,096,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32api.pyd MOD - [2012/08/17 12:31:44 | 000,086,016 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\_elementtree.pyd MOD - [2012/08/17 12:31:44 | 000,073,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\_ctypes.pyd MOD - [2012/08/17 12:31:44 | 000,070,656 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\wx._html2.pyd MOD - [2012/08/17 12:31:44 | 000,040,448 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\_socket.pyd MOD - [2012/08/17 12:31:44 | 000,039,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32inet.pyd MOD - [2012/08/17 12:31:44 | 000,036,352 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32process.pyd MOD - [2012/08/17 12:31:44 | 000,022,528 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32pdh.pyd MOD - [2012/08/17 12:31:44 | 000,017,920 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32event.pyd MOD - [2012/08/17 12:31:44 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\win32crypt.pyd MOD - [2012/08/17 12:31:44 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI10482\select.pyd MOD - [2012/06/14 09:57:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 09:57:30 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012/06/14 03:01:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/12 00:01:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012/05/11 23:58:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 23:58:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 23:58:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 23:58:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2012/03/08 22:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/08/14 20:46:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012/03/08 23:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/03/08 20:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/02 19:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2011/11/28 10:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011/11/28 10:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011/11/28 10:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011/11/28 10:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011/11/28 10:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/11/28 10:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011/10/17 10:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/07 02:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011/03/07 02:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011/01/13 04:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/11/14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- D:\Stuff from XP\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=113959&tt=010812_ctrl_3112_3&babsrc=HP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 1F ED 85 04 E7 CC 01 [binary data] IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKCU\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113959&tt=010812_ctrl_3112_3&babsrc=SP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6PQAM7umOE&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012/07/20 15:41:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2012/02/09 02:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\Extensions [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions [2012/04/12 15:40:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\inspector@mozilla.org [2012/06/17 12:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/26 13:24:04 | 000,210,138 | ---- | M] () (No name found) -- C:\USERS\ARIES\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\7U709T5G.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: SpeedDial = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Google Search = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Web Assistant = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.445_0\ CHR - Extension: avast! WebRep = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ CHR - Extension: Gmail = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/17 12:26:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MCEControl.exe - Shortcut.lnk = C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe (Kindel Systems) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTempGT.exe - Shortcut.lnk = D:\Stuff from XP\RealTemp_360\RealTempGT.exe (uWebb Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDF4867-E3C3-4A9B-AA92-BE130AE133F3}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/25 02:25:06 | 000,000,000 | R--D | M] - D:\autorun -- [ NTFS ] O32 - AutoRun File - [2011/07/15 15:57:53 | 000,000,000 | R--D | M] - I:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 12:26:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/08/17 10:08:57 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\ArieS\Desktop\FSS.exe [2012/08/17 10:01:15 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012/08/17 09:53:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/08/17 03:38:10 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:14 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 02:10:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/17 02:10:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/17 02:10:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/17 01:59:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 01:58:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 01:56:43 | 004,732,214 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 12:58:37 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\ElevatedDiagnostics [2012/08/15 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Wallpapers [2012/08/14 02:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/08/14 02:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/08/14 02:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/08/13 12:44:47 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\-Aeon Nox-Backup [2012/08/12 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD [2012/08/10 16:01:14 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Pics [2012/08/09 02:56:02 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Drivers [2012/08/07 02:44:46 | 000,049,206 | ---- | C] (SAD) -- C:\Windows\SysWow64\usbpadff.dll [2012/08/07 02:30:39 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2 [2012/08/07 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Roms [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6 [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2012/08/07 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\MameUI64_0.146 [2012/08/07 01:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mame [2012/08/06 12:39:55 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\mupen64plus-bundle-win32-1.99.5 [2012/08/03 01:15:53 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\Ilivid Player [2012/08/03 01:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar [2012/08/03 01:09:53 | 000,000,000 | ---D | C] -- C:\Win 7 [2012/08/02 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/08/02 15:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012/08/02 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/08/02 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/02 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/08/02 15:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/08/02 15:53:36 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\WNASPI32.DLL [2012/08/02 15:53:36 | 000,025,244 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\drivers\ASPI32.SYS [2012/08/02 15:53:36 | 000,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL [2012/08/02 15:53:36 | 000,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE [2012/07/29 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake ========== Files - Modified Within 30 Days ========== [2012/08/17 12:31:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/17 12:31:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 12:31:14 | 2134,204,415 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 12:28:29 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 12:28:29 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 12:26:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/17 12:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/17 11:46:12 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/17 11:46:12 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/17 11:46:12 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/17 11:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/17 11:08:38 | 000,006,288 | ---- | M] () -- C:\Users\ArieS\Desktop\BITS.reg [2012/08/17 10:08:59 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\ArieS\Desktop\FSS.exe [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:19 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 01:56:44 | 004,732,214 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 13:40:30 | 000,226,744 | ---- | M] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/16 11:23:15 | 004,835,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/13 13:07:37 | 000,000,132 | ---- | M] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/08/13 12:44:24 | 067,402,113 | ---- | M] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | M] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:35:09 | 007,479,025 | ---- | M] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:30:10 | 000,982,928 | ---- | M] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:28 | 014,929,196 | ---- | M] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/05 11:37:28 | 060,517,176 | ---- | M] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/03 11:19:58 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012/08/03 11:19:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:07 | 000,384,844 | ---- | M] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:56:52 | 000,000,764 | ---- | M] () -- C:\user.js [2012/07/26 16:05:22 | 001,029,080 | ---- | M] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/24 15:49:52 | 001,327,376 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/20 15:41:00 | 000,002,022 | ---- | M] () -- C:\Users\ArieS\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2012/07/19 10:33:39 | 001,225,984 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl ========== Files Created - No Company Name ========== [2012/08/17 11:08:37 | 000,006,288 | ---- | C] () -- C:\Users\ArieS\Desktop\BITS.reg [2012/08/17 02:10:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/17 02:10:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/17 02:10:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/17 02:10:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/17 02:10:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/16 13:40:29 | 000,226,744 | ---- | C] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/13 12:44:23 | 067,402,113 | ---- | C] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | C] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:34:43 | 007,479,025 | ---- | C] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:44:46 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\usbpadcp.dll [2012/08/07 02:30:10 | 000,982,928 | ---- | C] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:25 | 014,929,196 | ---- | C] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/06 12:55:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/05 11:33:56 | 060,517,176 | ---- | C] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/02 16:05:12 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012/08/02 16:05:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012/08/02 16:03:08 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:11 | 000,384,844 | ---- | C] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:57:06 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2012/07/29 20:52:57 | 000,000,673 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\L\00000004.@ [2012/07/25 13:32:45 | 001,029,080 | ---- | C] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/23 11:00:24 | 001,327,376 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/19 10:33:39 | 001,225,984 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl [2012/07/15 01:47:11 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/05/30 03:10:17 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012/03/26 13:42:04 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/02/19 14:15:46 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/02/14 14:52:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/02/13 14:33:43 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll [2012/02/13 14:33:43 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012/02/12 14:35:29 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/02/09 01:24:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012/02/09 01:20:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012/02/09 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/02/09 00:58:22 | 000,000,092 | ---- | C] () -- C:\Windows\VSWizard.ini [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012/06/20 12:35:51 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Audacity [2012/08/02 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/10 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BitComet [2012/02/09 02:39:28 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\CometPlayer [2012/07/29 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\DVDVideoSoft [2012/07/31 11:17:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\HandBrake [2012/08/03 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/02/09 15:36:14 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Kindel Systems [2012/02/11 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\mkvtoolnix [2012/07/01 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\MusicBrainz [2012/02/09 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Notepad++ [2012/06/25 02:40:33 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/02/09 13:11:38 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\tigerplayer [2012/02/09 14:04:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Unzbin [2012/02/09 02:30:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\userdata [2012/08/16 23:50:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\XBMC [2009/07/13 22:08:49 | 000,015,160 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  8. ComboFix 12-08-17.01 - ArieS 08/17/2012 12:20:24.2.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6490 [GMT -7:00] Running from: c:\users\ArieS\Desktop\ComboFix.exe Command switches used :: c:\users\ArieS\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\ArieS\AppData\Local\Temp\_MEI11042\_ctypes.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\_elementtree.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\_hashlib.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\_socket.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\_ssl.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\pyexpat.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\pysqlite2._sqlite.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\python26.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\pythoncom26.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\PyWinTypes26.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\select.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\unicodedata.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32api.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32com.shell.shell.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32crypt.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32event.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32file.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32inet.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32pdh.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\win32process.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\windows._cacheinvalidation.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wx._controls_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wx._core_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wx._gdi_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wx._html2.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wx._misc_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wx._windows_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wx._wizard.pyd c:\users\ArieS\AppData\Local\Temp\_MEI11042\wxbase293u_net_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\wxbase293u_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\wxmsw293u_adv_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\wxmsw293u_core_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\wxmsw293u_html_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI11042\wxmsw293u_webview_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI5362 c:\users\ArieS\AppData\Local\Temp\_MEI5362\_ctypes.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\_elementtree.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\_hashlib.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\_socket.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\_ssl.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\_win32sysloader.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\id\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\it\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\ja\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\ko\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\lt\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\lv\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\nl\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\no\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\pl\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\pt\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\pt_BR\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\pt_PT\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\ro\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\ru\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\sk\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\sl\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\sr\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\sv\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\th\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\tr\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\uk\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\vi\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\zh-Hans\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\zh-Hant\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\zh\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\zh_CN\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\zh_HK\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\i18n\locale\zh_TW\LC_MESSAGES\syncclient.mo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\__init__.py c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\__init__.pyo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\drive-logo.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\exclaim.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\file.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\folder-mac.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\folder-winseven.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\folder-winxp.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\folder.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gdoc.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gdoc.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gdraw.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gdraw.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gform.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gform.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\glink.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\glink.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gsheet.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gsheet.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gslides.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gslides.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gtable.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\gtable.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\image_resources.py c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\image_resources.pyo c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\info1-mac.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\info1-windows7.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\info1-windowsxp.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\info2-default.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\info2-mac.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\info2-win7.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\info2-winxp.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate1-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate1.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate2-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate2.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate3-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate3.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate4-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate4.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate5-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate5.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate6-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate6.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate7-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate7.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate8-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-animate8.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-error-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-error.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-inactive-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-inactive.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-normal-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-normal.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-paused-inverse.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\mac-paused.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\menu_warning.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\overlays\Blacklisted.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\overlays\Shared.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\overlays\Synced.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\overlays\Syncing.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\sharedfolder-mac.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\sharedfolder-winseven.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\sharedfolder-winxp.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\shareguyicon.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\sync.icns c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\sync.ico c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\sync.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\sync_128.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\toprighticon.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate1.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate2.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate3.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate4.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate5.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate6.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate7.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-animate8.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win-normal.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win7-error.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win7-inactive.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\win7-paused.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\winxp-error.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\winxp-inactive.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\resources\images\winxp-paused.png c:\users\ArieS\AppData\Local\Temp\_MEI5362\select.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\support\gen_py\__init__.py c:\users\ArieS\AppData\Local\Temp\_MEI5362\unicodedata.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32api.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32com.shell.shell.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32crypt.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32event.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32evtlog.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32file.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32inet.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32pdh.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32pipe.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32process.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32trace.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32ui.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\win32wnet.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\windows._cacheinvalidation.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wx._controls_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wx._core_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wx._gdi_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wx._html2.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wx._misc_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wx._windows_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wx._wizard.pyd c:\users\ArieS\AppData\Local\Temp\_MEI5362\wxbase293u_net_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI5362\wxbase293u_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI5362\wxmsw293u_adv_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI5362\wxmsw293u_core_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI5362\wxmsw293u_html_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI5362\wxmsw293u_webview_vc.dll . . ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 ))))))))))))))))))))))))))))))) . . 2012-08-17 19:23 . 2012-08-17 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-17 16:53 . 2012-08-17 16:53 -------- d-----w- C:\_OTL 2012-08-17 11:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39E18CF0-1419-48F7-8F1E-8E8DF21653C1}\mpengine.dll 2012-08-16 19:58 . 2012-08-16 19:58 -------- d-----w- c:\users\ArieS\AppData\Local\ElevatedDiagnostics 2012-08-14 09:38 . 2012-08-14 09:38 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-08-14 09:37 . 2012-08-14 09:37 -------- d-----w- c:\program files (x86)\Oracle 2012-08-14 09:37 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-08-14 09:37 . 2012-08-14 09:37 -------- d-----w- c:\program files (x86)\Java 2012-08-07 09:44 . 2001-11-07 16:27 851968 ----a-w- c:\windows\SysWow64\usbpadcp.dll 2012-08-07 09:44 . 2001-09-24 07:32 49206 ----a-w- c:\windows\SysWow64\usbpadff.dll 2012-08-07 08:58 . 2012-08-07 09:09 -------- d-----w- c:\program files (x86)\Project64 1.6 2012-08-07 08:58 . 2012-08-07 08:58 40960 ----a-r- c:\users\ArieS\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-08-07 08:58 . 2012-08-07 08:58 40960 ----a-r- c:\users\ArieS\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-08-07 08:43 . 2012-08-07 08:43 -------- d-----w- c:\program files\Mame 2012-08-03 08:15 . 2012-08-03 08:15 -------- d-----w- c:\users\ArieS\AppData\Local\Ilivid Player 2012-08-03 08:15 . 2012-08-03 08:15 -------- d-----w- c:\program files (x86)\Searchqu Toolbar 2012-08-03 08:09 . 2012-08-03 08:11 -------- d-----w- C:\Win 7 2012-08-02 23:08 . 2012-08-03 18:04 -------- d-----w- c:\users\ArieS\AppData\Roaming\ImgBurn 2012-08-02 23:03 . 2012-08-02 23:03 -------- d-----w- c:\program files (x86)\ImgBurn 2012-08-02 22:57 . 2005-04-16 02:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-08-02 22:57 . 2005-03-12 07:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll 2012-08-02 22:57 . 2004-03-09 07:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-08-02 22:57 . 1998-06-24 07:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-08-02 22:57 . 2012-08-02 22:59 -------- d-----w- c:\program files (x86)\PDFCreator 2012-08-02 22:57 . 1998-07-06 07:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-08-02 22:56 . 2012-08-02 22:56 -------- d-----w- c:\program files (x86)\BabylonToolbar 2012-08-02 22:56 . 2012-08-02 22:56 -------- d-----w- c:\users\ArieS\AppData\Roaming\Babylon 2012-08-02 22:56 . 2012-08-02 22:56 -------- d-----w- c:\programdata\Babylon 2012-08-02 22:53 . 1999-09-10 19:06 5600 ----a-w- c:\windows\system\WINASPI.DLL 2012-08-02 22:53 . 1999-09-10 19:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE 2012-08-02 22:53 . 1999-09-10 19:06 45056 ----a-w- c:\windows\SysWow64\WNASPI32.DLL 2012-08-02 22:53 . 1999-09-10 19:06 25244 ----a-w- c:\windows\SysWow64\drivers\ASPI32.SYS 2012-08-01 06:09 . 2012-08-01 06:09 -------- d-----w- c:\users\Default\AppData\Local\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-16 10:01 . 2012-02-12 07:31 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-15 03:46 . 2012-05-12 19:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 03:46 . 2012-02-09 09:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-06 05:06 . 2012-02-19 21:16 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-03 20:46 . 2012-07-15 09:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-09 05:43 . 2012-07-11 01:54 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 01:54 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 01:54 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 01:54 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 01:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 01:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 01:54 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-19 04:55 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 04:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 04:55 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 04:55 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 04:55 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:19 . 2012-06-19 04:55 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 04:55 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 04:55 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:15 . 2012-06-19 04:55 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 05:50 . 2012-07-11 01:54 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 01:54 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-11 01:54 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 01:54 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 01:54 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 01:54 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 01:54 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 01:54 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 01:54 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-17_09.29.38 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-08-17 09:29 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-17 19:25 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-17 09:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-17 19:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09 . 2012-08-17 18:13 33898 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-17 18:13 35240 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-02-09 07:51 . 2012-08-17 11:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-02-09 07:51 . 2012-08-16 18:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-16 18:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-17 11:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-02-09 18:38 . 2012-08-17 09:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-02-09 18:38 . 2012-08-17 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-02-09 18:38 . 2012-08-17 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-02-09 18:38 . 2012-08-17 09:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-02-09 08:12 . 2012-08-17 18:02 3392 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3604902974-1328642687-2133515880-1000_UserData.bin - 2012-08-17 09:29 . 2012-08-17 09:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-17 19:25 . 2012-08-17 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 04:54 . 2012-08-17 09:29 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-17 19:25 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 02:36 . 2012-08-17 18:46 660068 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-17 09:21 660068 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-17 18:46 120996 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-08-17 09:21 120996 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-08-17 19:23 318072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-08-17 09:26 318072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-06-06 20:55 . 2011-06-06 20:55 686464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JP2KLib.dll + 2012-01-03 13:10 . 2012-01-03 13:10 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearmhelper.exe - 2012-02-09 08:49 . 2012-08-17 09:26 1506208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-02-09 08:49 . 2012-08-17 19:23 1506208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-06-06 20:55 . 2011-06-06 20:55 5509512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AGM.dll + 2012-02-09 19:09 . 2012-08-17 19:23 22122292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3604902974-1328642687-2133515880-1000-8192.dat + 2012-08-17 17:01 . 2012-08-17 17:01 13123584 c:\windows\Installer\14032.msp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-07-30 6241952] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-08-26 393216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032] "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MCEControl.exe - Shortcut.lnk - c:\program files (x86)\Kindel Systems\MCE Controller\MCEControl.exe [2012-1-9 208896] RealTempGT.exe - Shortcut.lnk - d:\stuff from xp\RealTemp_360\RealTempGT.exe [2011-4-19 221056] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2012-2-9 29310] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 136176] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\stuff from xp\RealTemp_360\WinRing0x64.sys [2008-07-27 14544] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] . . Contents of the 'Scheduled Tasks' folder . 2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 03:46] . 2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 08:43] . 2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 08:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-14 13374568] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.searchnu.com/406 mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe . ************************************************************************** . Completion time: 2012-08-17 12:27:10 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-17 19:27 ComboFix2.txt 2012-08-17 09:31 . Pre-Run: 61,796,425,728 bytes free Post-Run: 61,579,886,592 bytes free . - - End Of File - - D98992391EB4E988E029FD62DD7D1EA8
  9. Farbar Service Scanner Version: 06-08-2012 Ran by ArieS (administrator) on 17-08-2012 at 11:14:41 Running from "C:\Users\ArieS\Desktop" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  10. OTL logfile created on: 8/17/2012 11:04:29 AM - Run 3 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\ArieS\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.07% Memory free 15.97 Gb Paging File | 14.01 Gb Available in Paging File | 87.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.24 Gb Total Space | 57.60 Gb Free Space | 48.31% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 75.09 Gb Free Space | 8.06% Space Free | Partition Type: NTFS Drive G: | 1863.01 Gb Total Space | 35.39 Gb Free Space | 1.90% Space Free | Partition Type: NTFS Drive I: | 1863.01 Gb Total Space | 82.31 Gb Free Space | 4.42% Space Free | Partition Type: NTFS Drive K: | 1863.01 Gb Total Space | 107.67 Gb Free Space | 5.78% Space Free | Partition Type: NTFS Drive L: | 1863.01 Gb Total Space | 2.33 Gb Free Space | 0.13% Space Free | Partition Type: NTFS Drive M: | 1863.01 Gb Total Space | 102.17 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Drive N: | 2794.39 Gb Total Space | 1.67 Gb Free Space | 0.06% Space Free | Partition Type: NTFS Drive O: | 2794.39 Gb Total Space | 87.67 Gb Free Space | 3.14% Space Free | Partition Type: NTFS Drive P: | 2794.39 Gb Total Space | 153.23 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Computer Name: ARIES-PC | User Name: ArieS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe PRC - [2012/07/30 09:14:34 | 006,241,952 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/25 07:29:02 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012/07/20 15:41:00 | 000,081,920 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe PRC - [2012/07/20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2012/07/15 02:03:34 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/01/09 01:18:40 | 000,208,896 | ---- | M] (Kindel Systems) -- C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe PRC - [2011/11/28 11:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2009/12/21 09:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 11:03:02 | 001,169,408 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\wx._core_.pyd MOD - [2012/08/17 11:03:02 | 001,018,368 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\windows._cacheinvalidation.pyd MOD - [2012/08/17 11:03:02 | 000,792,576 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\wx._gdi_.pyd MOD - [2012/08/17 11:03:02 | 000,731,136 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\wx._misc_.pyd MOD - [2012/08/17 11:03:02 | 000,645,120 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\_ssl.pyd MOD - [2012/08/17 11:03:02 | 000,571,392 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\pysqlite2._sqlite.pyd MOD - [2012/08/17 11:03:02 | 000,354,304 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\pythoncom26.dll MOD - [2012/08/17 11:03:02 | 000,263,168 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32com.shell.shell.pyd MOD - [2012/08/17 11:03:02 | 000,153,088 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\pyexpat.pyd MOD - [2012/08/17 11:03:02 | 000,110,592 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\PyWinTypes26.dll MOD - [2012/08/17 11:03:02 | 000,096,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32api.pyd MOD - [2012/08/17 11:03:02 | 000,086,016 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\_elementtree.pyd MOD - [2012/08/17 11:03:02 | 000,073,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\_ctypes.pyd MOD - [2012/08/17 11:03:02 | 000,070,656 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\wx._html2.pyd MOD - [2012/08/17 11:03:02 | 000,040,448 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\_socket.pyd MOD - [2012/08/17 11:03:02 | 000,036,352 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32process.pyd MOD - [2012/08/17 11:03:02 | 000,022,528 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32pdh.pyd MOD - [2012/08/17 11:03:02 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32crypt.pyd MOD - [2012/08/17 11:03:01 | 001,056,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\wx._controls_.pyd MOD - [2012/08/17 11:03:01 | 000,807,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\wx._windows_.pyd MOD - [2012/08/17 11:03:01 | 000,585,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\unicodedata.pyd MOD - [2012/08/17 11:03:01 | 000,311,808 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\_hashlib.pyd MOD - [2012/08/17 11:03:01 | 000,121,856 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\wx._wizard.pyd MOD - [2012/08/17 11:03:01 | 000,111,104 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32file.pyd MOD - [2012/08/17 11:03:01 | 000,039,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32inet.pyd MOD - [2012/08/17 11:03:01 | 000,017,920 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\win32event.pyd MOD - [2012/08/17 11:03:01 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI5362\select.pyd MOD - [2012/07/20 15:41:00 | 001,929,216 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\mozjs.dll MOD - [2012/07/20 15:41:00 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\nsldap32v60.dll MOD - [2012/07/20 15:41:00 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\nsldappr32v60.dll MOD - [2012/06/14 09:57:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 09:57:30 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012/06/14 03:01:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/12 00:01:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012/05/11 23:58:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 23:58:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 23:58:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 23:58:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2012/03/08 22:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/08/14 20:46:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012/03/08 23:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/03/08 20:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/02 19:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2011/11/28 10:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011/11/28 10:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011/11/28 10:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011/11/28 10:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011/11/28 10:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/11/28 10:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011/10/17 10:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/07 02:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011/03/07 02:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011/01/13 04:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/11/14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- D:\Stuff from XP\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=113959&tt=010812_ctrl_3112_3&babsrc=HP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 1F ED 85 04 E7 CC 01 [binary data] IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKCU\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113959&tt=010812_ctrl_3112_3&babsrc=SP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6PQAM7umOE&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012/07/20 15:41:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2012/02/09 02:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\Extensions [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions [2012/04/12 15:40:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\inspector@mozilla.org [2012/06/17 12:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/26 13:24:04 | 000,210,138 | ---- | M] () (No name found) -- C:\USERS\ARIES\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\7U709T5G.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: SpeedDial = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Google Search = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Web Assistant = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.445_0\ CHR - Extension: avast! WebRep = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ CHR - Extension: Gmail = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/17 02:29:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MCEControl.exe - Shortcut.lnk = C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe (Kindel Systems) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTempGT.exe - Shortcut.lnk = D:\Stuff from XP\RealTemp_360\RealTempGT.exe (uWebb Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDF4867-E3C3-4A9B-AA92-BE130AE133F3}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/25 02:25:06 | 000,000,000 | R--D | M] - D:\autorun -- [ NTFS ] O32 - AutoRun File - [2011/07/15 15:57:53 | 000,000,000 | R--D | M] - I:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 10:08:57 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\ArieS\Desktop\FSS.exe [2012/08/17 10:01:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/08/17 09:53:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/08/17 03:38:10 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:14 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 02:35:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/17 02:10:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/17 02:10:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/17 02:10:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/17 01:59:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 01:58:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 01:56:43 | 004,732,214 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 12:58:37 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\ElevatedDiagnostics [2012/08/15 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Wallpapers [2012/08/14 02:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/08/14 02:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/08/14 02:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/08/13 12:44:47 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\-Aeon Nox-Backup [2012/08/12 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD [2012/08/10 16:01:14 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Pics [2012/08/09 02:56:02 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Drivers [2012/08/07 02:44:46 | 000,049,206 | ---- | C] (SAD) -- C:\Windows\SysWow64\usbpadff.dll [2012/08/07 02:30:39 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2 [2012/08/07 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Roms [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6 [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2012/08/07 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\MameUI64_0.146 [2012/08/07 01:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mame [2012/08/06 12:39:55 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\mupen64plus-bundle-win32-1.99.5 [2012/08/03 01:15:53 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\Ilivid Player [2012/08/03 01:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar [2012/08/03 01:09:53 | 000,000,000 | ---D | C] -- C:\Win 7 [2012/08/02 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/08/02 15:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012/08/02 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/08/02 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/02 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/08/02 15:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/08/02 15:53:36 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\WNASPI32.DLL [2012/08/02 15:53:36 | 000,025,244 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\drivers\ASPI32.SYS [2012/08/02 15:53:36 | 000,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL [2012/08/02 15:53:36 | 000,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE [2012/07/29 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake ========== Files - Modified Within 30 Days ========== [2012/08/17 11:01:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/17 11:01:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 11:00:54 | 2134,204,415 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 10:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/17 10:08:59 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\ArieS\Desktop\FSS.exe [2012/08/17 10:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/17 10:07:32 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 10:07:32 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 10:07:23 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/17 10:07:23 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/17 10:07:23 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:19 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 02:29:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/17 01:56:44 | 004,732,214 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 13:40:30 | 000,226,744 | ---- | M] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/16 11:23:15 | 004,835,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/13 13:07:37 | 000,000,132 | ---- | M] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/08/13 12:44:24 | 067,402,113 | ---- | M] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | M] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:35:09 | 007,479,025 | ---- | M] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:30:10 | 000,982,928 | ---- | M] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:28 | 014,929,196 | ---- | M] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/05 11:37:28 | 060,517,176 | ---- | M] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/03 11:19:58 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012/08/03 11:19:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:07 | 000,384,844 | ---- | M] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:56:52 | 000,000,764 | ---- | M] () -- C:\user.js [2012/07/26 16:05:22 | 001,029,080 | ---- | M] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/24 15:49:52 | 001,327,376 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/20 15:41:00 | 000,002,022 | ---- | M] () -- C:\Users\ArieS\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2012/07/19 10:33:39 | 001,225,984 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl ========== Files Created - No Company Name ========== [2012/08/17 02:10:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/17 02:10:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/17 02:10:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/17 02:10:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/17 02:10:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/16 13:40:29 | 000,226,744 | ---- | C] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/13 12:44:23 | 067,402,113 | ---- | C] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | C] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:34:43 | 007,479,025 | ---- | C] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:44:46 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\usbpadcp.dll [2012/08/07 02:30:10 | 000,982,928 | ---- | C] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:25 | 014,929,196 | ---- | C] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/06 12:55:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/05 11:33:56 | 060,517,176 | ---- | C] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/02 16:05:12 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012/08/02 16:05:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012/08/02 16:03:08 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:11 | 000,384,844 | ---- | C] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:57:06 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2012/07/29 20:52:57 | 000,000,673 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\L\00000004.@ [2012/07/25 13:32:45 | 001,029,080 | ---- | C] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/23 11:00:24 | 001,327,376 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/19 10:33:39 | 001,225,984 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl [2012/07/15 01:47:11 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/05/30 03:10:17 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012/03/26 13:42:04 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/02/19 14:15:46 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/02/14 14:52:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/02/13 14:33:43 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll [2012/02/13 14:33:43 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012/02/12 14:35:29 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/02/09 01:24:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012/02/09 01:20:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012/02/09 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/02/09 00:58:22 | 000,000,092 | ---- | C] () -- C:\Windows\VSWizard.ini [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012/06/20 12:35:51 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Audacity [2012/08/02 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/10 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BitComet [2012/02/09 02:39:28 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\CometPlayer [2012/07/29 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\DVDVideoSoft [2012/07/31 11:17:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\HandBrake [2012/08/03 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/02/09 15:36:14 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Kindel Systems [2012/02/11 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\mkvtoolnix [2012/07/01 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\MusicBrainz [2012/02/09 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Notepad++ [2012/06/25 02:40:33 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/02/09 13:11:38 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\tigerplayer [2012/02/09 14:04:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Unzbin [2012/02/09 02:30:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\userdata [2012/08/16 23:50:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\XBMC [2009/07/13 22:08:49 | 000,014,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  11. Farbar Service Scanner Version: 06-08-2012 Ran by ArieS (administrator) on 17-08-2012 at 10:09:36 Running from "C:\Users\ArieS\Desktop" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  12. OTL logfile created on: 8/17/2012 10:02:47 AM - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\ArieS\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.43 Gb Available Physical Memory | 80.58% Memory free 15.97 Gb Paging File | 14.22 Gb Available in Paging File | 89.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.24 Gb Total Space | 57.55 Gb Free Space | 48.27% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 75.09 Gb Free Space | 8.06% Space Free | Partition Type: NTFS Drive G: | 1863.01 Gb Total Space | 35.39 Gb Free Space | 1.90% Space Free | Partition Type: NTFS Drive I: | 1863.01 Gb Total Space | 82.31 Gb Free Space | 4.42% Space Free | Partition Type: NTFS Drive K: | 1863.01 Gb Total Space | 107.67 Gb Free Space | 5.78% Space Free | Partition Type: NTFS Drive L: | 1863.01 Gb Total Space | 2.33 Gb Free Space | 0.13% Space Free | Partition Type: NTFS Drive M: | 1863.01 Gb Total Space | 102.17 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Drive N: | 2794.39 Gb Total Space | 1.67 Gb Free Space | 0.06% Space Free | Partition Type: NTFS Drive O: | 2794.39 Gb Total Space | 87.67 Gb Free Space | 3.14% Space Free | Partition Type: NTFS Drive P: | 2794.39 Gb Total Space | 153.23 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Computer Name: ARIES-PC | User Name: ArieS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe PRC - [2012/07/30 09:14:34 | 006,241,952 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2012/07/25 07:29:02 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012/07/20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2012/07/15 02:03:34 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/01/09 01:18:40 | 000,208,896 | ---- | M] (Kindel Systems) -- C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe PRC - [2011/11/28 11:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010/08/25 22:35:22 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2009/12/21 09:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 10:01:05 | 001,169,408 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\wx._core_.pyd MOD - [2012/08/17 10:01:05 | 001,056,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\wx._controls_.pyd MOD - [2012/08/17 10:01:05 | 001,018,368 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\windows._cacheinvalidation.pyd MOD - [2012/08/17 10:01:05 | 000,807,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\wx._windows_.pyd MOD - [2012/08/17 10:01:05 | 000,792,576 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\wx._gdi_.pyd MOD - [2012/08/17 10:01:05 | 000,731,136 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\wx._misc_.pyd MOD - [2012/08/17 10:01:05 | 000,645,120 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\_ssl.pyd MOD - [2012/08/17 10:01:05 | 000,585,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\unicodedata.pyd MOD - [2012/08/17 10:01:05 | 000,571,392 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\pysqlite2._sqlite.pyd MOD - [2012/08/17 10:01:05 | 000,354,304 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\pythoncom26.dll MOD - [2012/08/17 10:01:05 | 000,311,808 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\_hashlib.pyd MOD - [2012/08/17 10:01:05 | 000,263,168 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32com.shell.shell.pyd MOD - [2012/08/17 10:01:05 | 000,153,088 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\pyexpat.pyd MOD - [2012/08/17 10:01:05 | 000,121,856 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\wx._wizard.pyd MOD - [2012/08/17 10:01:05 | 000,111,104 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32file.pyd MOD - [2012/08/17 10:01:05 | 000,110,592 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\PyWinTypes26.dll MOD - [2012/08/17 10:01:05 | 000,096,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32api.pyd MOD - [2012/08/17 10:01:05 | 000,086,016 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\_elementtree.pyd MOD - [2012/08/17 10:01:05 | 000,073,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\_ctypes.pyd MOD - [2012/08/17 10:01:05 | 000,070,656 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\wx._html2.pyd MOD - [2012/08/17 10:01:05 | 000,040,448 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\_socket.pyd MOD - [2012/08/17 10:01:05 | 000,039,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32inet.pyd MOD - [2012/08/17 10:01:05 | 000,036,352 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32process.pyd MOD - [2012/08/17 10:01:05 | 000,022,528 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32pdh.pyd MOD - [2012/08/17 10:01:05 | 000,017,920 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32event.pyd MOD - [2012/08/17 10:01:05 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\win32crypt.pyd MOD - [2012/08/17 10:01:05 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI32362\select.pyd MOD - [2012/06/14 09:57:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 09:57:30 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012/06/14 03:01:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/12 00:01:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012/05/11 23:58:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 23:58:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 23:58:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 23:58:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2012/03/08 22:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/08/14 20:46:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012/03/08 23:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/03/08 20:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/02 19:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2011/11/28 10:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011/11/28 10:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011/11/28 10:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011/11/28 10:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011/11/28 10:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/11/28 10:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011/10/17 10:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/07 02:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011/03/07 02:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011/01/13 04:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/11/14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- D:\Stuff from XP\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=113959&tt=010812_ctrl_3112_3&babsrc=HP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 1F ED 85 04 E7 CC 01 [binary data] IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKCU\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113959&tt=010812_ctrl_3112_3&babsrc=SP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6PQAM7umOE&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012/07/20 15:41:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2012/02/09 02:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\Extensions [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions [2012/04/12 15:40:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\inspector@mozilla.org [2012/06/17 12:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/26 13:24:04 | 000,210,138 | ---- | M] () (No name found) -- C:\USERS\ARIES\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\7U709T5G.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: SpeedDial = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Google Search = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Web Assistant = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.445_0\ CHR - Extension: avast! WebRep = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ CHR - Extension: Gmail = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/17 02:29:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MCEControl.exe - Shortcut.lnk = C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe (Kindel Systems) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTempGT.exe - Shortcut.lnk = D:\Stuff from XP\RealTemp_360\RealTempGT.exe (uWebb Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDF4867-E3C3-4A9B-AA92-BE130AE133F3}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/25 02:25:06 | 000,000,000 | R--D | M] - D:\autorun -- [ NTFS ] O32 - AutoRun File - [2011/07/15 15:57:53 | 000,000,000 | R--D | M] - I:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 10:01:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/08/17 09:53:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/08/17 03:38:10 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:14 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 02:35:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/17 02:10:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/17 02:10:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/17 02:10:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/17 01:59:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 01:58:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 01:56:43 | 004,732,214 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 12:58:37 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\ElevatedDiagnostics [2012/08/15 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Wallpapers [2012/08/14 02:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/08/14 02:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/08/14 02:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/08/13 12:44:47 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\-Aeon Nox-Backup [2012/08/12 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD [2012/08/10 16:01:14 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Pics [2012/08/09 02:56:02 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Drivers [2012/08/07 02:44:46 | 000,049,206 | ---- | C] (SAD) -- C:\Windows\SysWow64\usbpadff.dll [2012/08/07 02:30:39 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2 [2012/08/07 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Roms [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6 [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2012/08/07 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\MameUI64_0.146 [2012/08/07 01:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mame [2012/08/06 12:39:55 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\mupen64plus-bundle-win32-1.99.5 [2012/08/03 01:15:53 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\Ilivid Player [2012/08/03 01:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar [2012/08/03 01:09:53 | 000,000,000 | ---D | C] -- C:\Win 7 [2012/08/02 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/08/02 15:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012/08/02 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/08/02 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/02 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/08/02 15:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/08/02 15:53:36 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\WNASPI32.DLL [2012/08/02 15:53:36 | 000,025,244 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\drivers\ASPI32.SYS [2012/08/02 15:53:36 | 000,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL [2012/08/02 15:53:36 | 000,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE [2012/07/29 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake ========== Files - Modified Within 30 Days ========== [2012/08/17 10:00:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/17 10:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 09:59:56 | 2134,204,415 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 09:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/17 09:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/17 04:06:56 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 04:06:56 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 04:06:47 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/17 04:06:47 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/17 04:06:47 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:19 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 02:29:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/17 01:56:44 | 004,732,214 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 13:40:30 | 000,226,744 | ---- | M] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/16 11:23:15 | 004,835,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/13 13:07:37 | 000,000,132 | ---- | M] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/08/13 12:44:24 | 067,402,113 | ---- | M] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | M] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:35:09 | 007,479,025 | ---- | M] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:30:10 | 000,982,928 | ---- | M] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:28 | 014,929,196 | ---- | M] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/05 11:37:28 | 060,517,176 | ---- | M] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/03 11:19:58 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012/08/03 11:19:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:07 | 000,384,844 | ---- | M] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:56:52 | 000,000,764 | ---- | M] () -- C:\user.js [2012/07/26 16:05:22 | 001,029,080 | ---- | M] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/24 15:49:52 | 001,327,376 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/20 15:41:00 | 000,002,022 | ---- | M] () -- C:\Users\ArieS\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2012/07/19 10:33:39 | 001,225,984 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl ========== Files Created - No Company Name ========== [2012/08/17 02:10:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/17 02:10:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/17 02:10:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/17 02:10:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/17 02:10:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/16 13:40:29 | 000,226,744 | ---- | C] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/13 12:44:23 | 067,402,113 | ---- | C] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | C] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:34:43 | 007,479,025 | ---- | C] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:44:46 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\usbpadcp.dll [2012/08/07 02:30:10 | 000,982,928 | ---- | C] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:25 | 014,929,196 | ---- | C] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/06 12:55:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/05 11:33:56 | 060,517,176 | ---- | C] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/02 16:05:12 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012/08/02 16:05:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012/08/02 16:03:08 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:11 | 000,384,844 | ---- | C] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:57:06 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2012/07/29 20:52:57 | 000,000,673 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\L\00000004.@ [2012/07/25 13:32:45 | 001,029,080 | ---- | C] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/23 11:00:24 | 001,327,376 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/19 10:33:39 | 001,225,984 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl [2012/07/15 01:47:11 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/05/30 03:10:17 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012/03/26 13:42:04 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/02/19 14:15:46 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/02/14 14:52:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/02/13 14:33:43 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll [2012/02/13 14:33:43 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012/02/12 14:35:29 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/02/09 01:24:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012/02/09 01:20:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012/02/09 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/02/09 00:58:22 | 000,000,092 | ---- | C] () -- C:\Windows\VSWizard.ini [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012/06/20 12:35:51 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Audacity [2012/08/02 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/10 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BitComet [2012/02/09 02:39:28 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\CometPlayer [2012/07/29 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\DVDVideoSoft [2012/07/31 11:17:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\HandBrake [2012/08/03 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/02/09 15:36:14 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Kindel Systems [2012/02/11 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\mkvtoolnix [2012/07/01 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\MusicBrainz [2012/02/09 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Notepad++ [2012/06/25 02:40:33 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/02/09 13:11:38 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\tigerplayer [2012/02/09 14:04:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Unzbin [2012/02/09 02:30:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\userdata [2012/08/16 23:50:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\XBMC [2009/07/13 22:08:49 | 000,014,152 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  13. Ok, I'm done for tonight. Hopefully my roommates won't mess with the computer until it's done. Thanks ali.
  14. OTL Extras logfile created on: 8/17/2012 3:46:27 AM - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\ArieS\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.39 Gb Available Physical Memory | 80.07% Memory free 15.97 Gb Paging File | 14.14 Gb Available in Paging File | 88.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.24 Gb Total Space | 57.17 Gb Free Space | 47.95% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 75.09 Gb Free Space | 8.06% Space Free | Partition Type: NTFS Drive G: | 1863.01 Gb Total Space | 35.39 Gb Free Space | 1.90% Space Free | Partition Type: NTFS Drive I: | 1863.01 Gb Total Space | 82.31 Gb Free Space | 4.42% Space Free | Partition Type: NTFS Drive K: | 1863.01 Gb Total Space | 107.66 Gb Free Space | 5.78% Space Free | Partition Type: NTFS Drive L: | 1863.01 Gb Total Space | 2.33 Gb Free Space | 0.13% Space Free | Partition Type: NTFS Drive M: | 1863.01 Gb Total Space | 100.35 Gb Free Space | 5.39% Space Free | Partition Type: NTFS Drive N: | 2794.39 Gb Total Space | 1.67 Gb Free Space | 0.06% Space Free | Partition Type: NTFS Drive O: | 2794.39 Gb Total Space | 87.67 Gb Free Space | 3.14% Space Free | Partition Type: NTFS Drive P: | 2794.39 Gb Total Space | 153.23 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Computer Name: ARIES-PC | User Name: ArieS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = SeaMonkeyHTML] -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe (mozilla.org) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445 "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon "{67048E0C-29A5-534C-FF67-83C4BF948D48}" = AMD Drag and Drop Transcoding "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D87047B9-BBC5-9941-00B4-719B9E56CACC}" = ATI AVIVO64 Codecs "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "MediaInfo" = MediaInfo 0.7.56 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.10 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian "{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German "{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English "{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding "{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech "{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish "{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek "{C8FAFAEE-94E2-43D9-8046-87F96D0FD7CF}" = Fantapper Player "{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy "{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian "{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese "{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All "7-Zip" = 7-Zip 9.22beta "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "AutocompletePro3_is1" = AutocompletePro "avast" = avast! Free Antivirus "AviSynth" = AviSynth 2.5 "BabylonToolbar" = Babylon toolbar on IE "BitComet_x64" = BitComet 1.31 64-bit "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Double Dragon_is1" = Double Dragon "ffdshow_is1" = ffdshow v1.1.4305 [2012-02-05] "Free Audio Converter_is1" = Free Audio Converter version 5.0.13.608 "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.15.706 "Google Chrome" = Google Chrome "HaaliMkx" = Haali Media Splitter "HandBrake" = HandBrake 0.9.8 "ImgBurn" = ImgBurn "incredibar" = Incredibar Toolbar on IE "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "lavfilters_is1" = LAV Filters 0.45 "MakeMKV" = MakeMKV v1.7.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "MCE Controller" = MCE Controller 1.3.3 "MKVToolNix" = MKVToolNix 5.5.0 "MpcStar" = MpcStar 5.4 "MusicBrainz Picard" = MusicBrainz Picard "QuickPar" = QuickPar 0.9 "SABnzbd" = SABnzbd 0.6.15 "SeaMonkey (2.11)" = SeaMonkey (2.11) "Searchqu Toolbar" = Searchqu Toolbar "Unzbin" = Unzbin Usenet NZB Client "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "XBMC" = XBMC ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/17/2012 5:02:06 AM | Computer Name = ArieS-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x74b9c9f1 Faulting process id: 0x1510 Faulting application start time: 0x01cd7c56f9eb5104 Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 3797eb8d-e84a-11e1-bbea-1c6f65d96c81 Error - 8/17/2012 5:03:06 AM | Computer Name = ArieS-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x74b9c9f1 Faulting process id: 0x1d54 Faulting application start time: 0x01cd7c571dc03454 Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 5b6ccedd-e84a-11e1-bbea-1c6f65d96c81 Error - 8/17/2012 5:04:06 AM | Computer Name = ArieS-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x74b9c9f1 Faulting process id: 0x1424 Faulting application start time: 0x01cd7c574192a69b Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: unknown Report Id: 7f4079a9-e84a-11e1-bbea-1c6f65d96c81 Error - 8/17/2012 5:10:36 AM | Computer Name = ArieS-PC | Source = WinMgmt | ID = 10 Description = Error - 8/17/2012 5:17:31 AM | Computer Name = ArieS-PC | Source = WinMgmt | ID = 10 Description = Error - 8/17/2012 5:20:51 AM | Computer Name = ArieS-PC | Source = Application Error | ID = 1000 Description = Faulting application name: findstr.exe, version: 6.1.7601.17514, time stamp: 0x4ce794a1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting process id: 0x125c Faulting application start time: 0x01cd7c599803fd40 Faulting application path: C:\Windows\system32\findstr.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: d5ee6be8-e84c-11e1-b038-1c6f65d96c81 Error - 8/17/2012 5:22:07 AM | Computer Name = ArieS-PC | Source = Application Error | ID = 1000 Description = Faulting application name: findstr.exe, version: 6.1.7601.17514, time stamp: 0x4ce794a1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting process id: 0x1404 Faulting application start time: 0x01cd7c59c59896bf Faulting application path: C:\Windows\system32\findstr.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 034521a0-e84d-11e1-b038-1c6f65d96c81 Error - 8/17/2012 5:24:12 AM | Computer Name = ArieS-PC | Source = Application Error | ID = 1000 Description = Faulting application name: findstr.exe, version: 6.1.7601.17514, time stamp: 0x4ce794a1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting process id: 0x984 Faulting application start time: 0x01cd7c5a0ff211ce Faulting application path: C:\Windows\system32\findstr.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 4d9e9cae-e84d-11e1-b038-1c6f65d96c81 Error - 8/17/2012 5:30:50 AM | Computer Name = ArieS-PC | Source = WinMgmt | ID = 10 Description = Error - 8/17/2012 5:45:32 AM | Computer Name = ArieS-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 8/17/2012 5:22:04 AM | Computer Name = ArieS-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 8/17/2012 5:25:29 AM | Computer Name = ArieS-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/17/2012 5:26:32 AM | Computer Name = ArieS-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 8/17/2012 5:26:34 AM | Computer Name = ArieS-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 8/17/2012 5:28:55 AM | Computer Name = ArieS-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/17/2012 5:29:29 AM | Computer Name = ArieS-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 8/17/2012 5:29:30 AM | Computer Name = ArieS-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ASPI32 Error - 8/17/2012 5:43:36 AM | Computer Name = ArieS-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/17/2012 5:43:53 AM | Computer Name = ArieS-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ASPI32 Error - 8/17/2012 5:43:54 AM | Computer Name = ArieS-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk3\DR3. < End of report >
  15. OTL logfile created on: 8/17/2012 3:46:27 AM - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\ArieS\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.39 Gb Available Physical Memory | 80.07% Memory free 15.97 Gb Paging File | 14.14 Gb Available in Paging File | 88.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.24 Gb Total Space | 57.17 Gb Free Space | 47.95% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 75.09 Gb Free Space | 8.06% Space Free | Partition Type: NTFS Drive G: | 1863.01 Gb Total Space | 35.39 Gb Free Space | 1.90% Space Free | Partition Type: NTFS Drive I: | 1863.01 Gb Total Space | 82.31 Gb Free Space | 4.42% Space Free | Partition Type: NTFS Drive K: | 1863.01 Gb Total Space | 107.66 Gb Free Space | 5.78% Space Free | Partition Type: NTFS Drive L: | 1863.01 Gb Total Space | 2.33 Gb Free Space | 0.13% Space Free | Partition Type: NTFS Drive M: | 1863.01 Gb Total Space | 100.35 Gb Free Space | 5.39% Space Free | Partition Type: NTFS Drive N: | 2794.39 Gb Total Space | 1.67 Gb Free Space | 0.06% Space Free | Partition Type: NTFS Drive O: | 2794.39 Gb Total Space | 87.67 Gb Free Space | 3.14% Space Free | Partition Type: NTFS Drive P: | 2794.39 Gb Total Space | 153.23 Gb Free Space | 5.48% Space Free | Partition Type: NTFS Computer Name: ARIES-PC | User Name: ArieS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe PRC - [2012/07/30 09:14:34 | 006,241,952 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2012/07/25 07:29:02 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012/07/20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2012/07/15 02:03:34 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/01/09 01:18:40 | 000,208,896 | ---- | M] (Kindel Systems) -- C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/11/28 11:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010/08/25 22:35:22 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2009/12/21 09:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 02:43:49 | 001,018,368 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\windows._cacheinvalidation.pyd MOD - [2012/08/17 02:43:49 | 000,792,576 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\wx._gdi_.pyd MOD - [2012/08/17 02:43:49 | 000,571,392 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\pysqlite2._sqlite.pyd MOD - [2012/08/17 02:43:49 | 000,263,168 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32com.shell.shell.pyd MOD - [2012/08/17 02:43:49 | 000,153,088 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\pyexpat.pyd MOD - [2012/08/17 02:43:49 | 000,096,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32api.pyd MOD - [2012/08/17 02:43:49 | 000,086,016 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\_elementtree.pyd MOD - [2012/08/17 02:43:49 | 000,073,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\_ctypes.pyd MOD - [2012/08/17 02:43:49 | 000,070,656 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\wx._html2.pyd MOD - [2012/08/17 02:43:49 | 000,040,448 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\_socket.pyd MOD - [2012/08/17 02:43:49 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32crypt.pyd MOD - [2012/08/17 02:43:48 | 001,169,408 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\wx._core_.pyd MOD - [2012/08/17 02:43:48 | 001,056,256 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\wx._controls_.pyd MOD - [2012/08/17 02:43:48 | 000,807,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\wx._windows_.pyd MOD - [2012/08/17 02:43:48 | 000,731,136 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\wx._misc_.pyd MOD - [2012/08/17 02:43:48 | 000,645,120 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\_ssl.pyd MOD - [2012/08/17 02:43:48 | 000,585,728 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\unicodedata.pyd MOD - [2012/08/17 02:43:48 | 000,354,304 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\pythoncom26.dll MOD - [2012/08/17 02:43:48 | 000,311,808 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\_hashlib.pyd MOD - [2012/08/17 02:43:48 | 000,121,856 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\wx._wizard.pyd MOD - [2012/08/17 02:43:48 | 000,111,104 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32file.pyd MOD - [2012/08/17 02:43:48 | 000,110,592 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\PyWinTypes26.dll MOD - [2012/08/17 02:43:48 | 000,039,424 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32inet.pyd MOD - [2012/08/17 02:43:48 | 000,036,352 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32process.pyd MOD - [2012/08/17 02:43:48 | 000,022,528 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32pdh.pyd MOD - [2012/08/17 02:43:48 | 000,017,920 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\win32event.pyd MOD - [2012/08/17 02:43:48 | 000,011,776 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Temp\_MEI20442\select.pyd MOD - [2012/08/02 22:33:52 | 000,133,632 | ---- | M] () -- C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll MOD - [2012/06/27 18:38:52 | 000,531,968 | ---- | M] () -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll MOD - [2012/06/14 09:57:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 09:57:30 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012/06/14 03:01:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/12 00:01:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012/05/11 23:58:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 23:58:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 23:58:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 23:58:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2012/03/08 22:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/08/14 20:46:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012/03/08 23:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/03/08 20:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/02 19:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2011/11/28 10:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011/11/28 10:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011/11/28 10:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011/11/28 10:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011/11/28 10:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/11/28 10:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011/10/17 10:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/07 02:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011/03/07 02:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011/01/13 04:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/11/14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- D:\Stuff from XP\RealTemp_360\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKLM\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=113959&tt=010812_ctrl_3112_3&babsrc=HP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 1F ED 85 04 E7 CC 01 [binary data] IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 IE - HKCU\..\SearchScopes\{6948A73E-7547-7097-31B0-4A719654C8CF}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113959&tt=010812_ctrl_3112_3&babsrc=SP_ss&mntrId=d877c3b00000000000001c6f65d96c81 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb161/?search={searchTerms}&loc=IB_DS&a=6PQAM7umOE&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/17 12:14:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012/07/20 15:41:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2012/02/09 02:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\Extensions [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions [2012/04/12 15:40:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012/06/14 10:28:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\ArieS\AppData\Roaming\Mozilla\SeaMonkey\Profiles\7u709t5g.default\extensions\inspector@mozilla.org [2012/06/17 12:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/26 13:24:04 | 000,210,138 | ---- | M] () (No name found) -- C:\USERS\ARIES\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\7U709T5G.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = , CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: SpeedDial = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Google Search = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Web Assistant = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.445_0\ CHR - Extension: avast! WebRep = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ CHR - Extension: Gmail = C:\Users\ArieS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/17 02:29:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MCEControl.exe - Shortcut.lnk = C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe (Kindel Systems) O4 - Startup: C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTempGT.exe - Shortcut.lnk = D:\Stuff from XP\RealTemp_360\RealTempGT.exe (uWebb Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDF4867-E3C3-4A9B-AA92-BE130AE133F3}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/25 02:25:06 | 000,000,000 | R--D | M] - D:\autorun -- [ NTFS ] O32 - AutoRun File - [2011/07/15 15:57:53 | 000,000,000 | R--D | M] - I:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 03:38:10 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:14 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 02:35:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/17 02:10:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/17 02:10:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/17 02:10:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/17 02:00:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/08/17 01:59:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 01:58:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 01:56:43 | 004,732,214 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 12:58:37 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\ElevatedDiagnostics [2012/08/15 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Wallpapers [2012/08/14 02:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/08/14 02:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/08/14 02:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/08/13 12:44:47 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\-Aeon Nox-Backup [2012/08/12 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD [2012/08/10 16:01:14 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Pics [2012/08/09 02:56:02 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Drivers [2012/08/07 02:44:46 | 000,049,206 | ---- | C] (SAD) -- C:\Windows\SysWow64\usbpadff.dll [2012/08/07 02:30:39 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2 [2012/08/07 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\Roms [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6 [2012/08/07 01:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2012/08/07 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\MameUI64_0.146 [2012/08/07 01:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mame [2012/08/06 12:39:55 | 000,000,000 | ---D | C] -- C:\Users\ArieS\Desktop\mupen64plus-bundle-win32-1.99.5 [2012/08/03 01:15:53 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Local\Ilivid Player [2012/08/03 01:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar [2012/08/03 01:09:53 | 000,000,000 | ---D | C] -- C:\Win 7 [2012/08/02 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012/08/02 16:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012/08/02 15:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012/08/02 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/08/02 15:56:54 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/02 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/08/02 15:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/08/02 15:53:36 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\WNASPI32.DLL [2012/08/02 15:53:36 | 000,025,244 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\drivers\ASPI32.SYS [2012/08/02 15:53:36 | 000,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL [2012/08/02 15:53:36 | 000,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE [2012/07/29 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [10372 C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\*.tmp files -> C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/17 03:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/17 03:38:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ArieS\Desktop\OTL.exe [2012/08/17 03:37:19 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ArieS\Desktop\tdsskiller.exe [2012/08/17 03:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/17 02:50:55 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 02:50:55 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 02:49:48 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/17 02:49:48 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/17 02:49:48 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/17 02:43:54 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/17 02:43:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 02:43:38 | 2134,204,415 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 02:29:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/17 01:56:44 | 004,732,214 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\ComboFix.exe [2012/08/17 01:40:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ArieS\Desktop\dds.scr [2012/08/16 13:40:30 | 000,226,744 | ---- | M] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/16 11:23:15 | 004,835,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/13 13:07:37 | 000,000,132 | ---- | M] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/08/13 12:44:24 | 067,402,113 | ---- | M] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | M] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:35:09 | 007,479,025 | ---- | M] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:30:10 | 000,982,928 | ---- | M] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:28 | 014,929,196 | ---- | M] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/05 11:37:28 | 060,517,176 | ---- | M] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/03 11:19:58 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012/08/03 11:19:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:07 | 000,384,844 | ---- | M] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:56:52 | 000,000,764 | ---- | M] () -- C:\user.js [2012/07/26 16:05:22 | 001,029,080 | ---- | M] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/24 15:49:52 | 001,327,376 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/20 15:41:00 | 000,002,022 | ---- | M] () -- C:\Users\ArieS\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2012/07/19 10:33:39 | 001,225,984 | ---- | M] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl ========== Files Created - No Company Name ========== [2012/08/17 02:10:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/17 02:10:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/17 02:10:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/17 02:10:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/17 02:10:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/16 13:40:29 | 000,226,744 | ---- | C] () -- C:\Users\ArieS\Desktop\Network Sharing Set Up.pdf [2012/08/13 12:44:23 | 067,402,113 | ---- | C] () -- C:\Users\ArieS\Desktop\BigNoid-Aeon-Nox-69cd9e0.zip [2012/08/12 16:11:53 | 000,132,087 | ---- | C] () -- C:\Users\ArieS\Desktop\Jaws.1975.BD25.REENCODED.VIDEO.DTSHD.rar [2012/08/07 12:34:43 | 007,479,025 | ---- | C] () -- C:\Users\ArieS\Desktop\Duke Nukem 64.zip [2012/08/07 02:44:46 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\usbpadcp.dll [2012/08/07 02:30:10 | 000,982,928 | ---- | C] () -- C:\Users\ArieS\Desktop\Glide64_Napalm_PR1_2_2.zip [2012/08/07 01:43:25 | 014,929,196 | ---- | C] () -- C:\Users\ArieS\Desktop\mame0146b.exe [2012/08/06 12:55:54 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/06 12:51:03 | 000,002,048 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\00000004.@ [2012/08/06 12:51:03 | 000,001,632 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\000000cb.@ [2012/08/06 12:50:50 | 000,092,160 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\80000032.@ [2012/08/05 11:33:56 | 060,517,176 | ---- | C] () -- C:\Users\ArieS\Desktop\tektagt.zip [2012/08/02 16:05:12 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012/08/02 16:05:12 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012/08/02 16:03:08 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012/08/02 16:03:08 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012/08/02 15:59:11 | 000,384,844 | ---- | C] () -- C:\Users\ArieS\AppData\Local\funmoods-speeddial.crx [2012/08/02 15:57:06 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2012/07/29 20:52:57 | 000,000,673 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\L\00000004.@ [2012/07/25 13:32:45 | 001,029,080 | ---- | C] () -- C:\Users\ArieS\Desktop\Nexus 7.irl [2012/07/23 11:22:40 | 001,230,632 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod 232 Nexus 232.irl [2012/07/23 11:00:24 | 001,327,376 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule iPod HTTP Nexus 232.irl [2012/07/22 10:07:19 | 000,232,960 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\00000008.@ [2012/07/22 10:07:18 | 000,080,896 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\80000064.@ [2012/07/22 10:07:12 | 000,016,896 | ---- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\80000000.@ [2012/07/19 10:33:39 | 001,225,984 | ---- | C] () -- C:\Users\ArieS\Desktop\iRule Builder Backup Final (Nexus 7 & iPod).irl [2012/07/15 01:47:11 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/05/30 03:10:17 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012/03/26 13:42:04 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/02/19 14:15:46 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/02/14 14:52:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/02/13 14:33:43 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll [2012/02/13 14:33:43 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012/02/12 14:35:29 | 000,000,132 | ---- | C] () -- C:\Users\ArieS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/02/09 11:48:09 | 000,002,048 | -HS- | C] () -- C:\Users\ArieS\AppData\Local\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\@ [2012/02/09 01:24:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012/02/09 01:20:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012/02/09 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/02/09 00:58:22 | 000,000,092 | ---- | C] () -- C:\Windows\VSWizard.ini [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012/06/20 12:35:51 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Audacity [2012/08/02 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Babylon [2012/08/02 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BabylonToolbar [2012/08/10 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\BitComet [2012/02/09 02:39:28 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\CometPlayer [2012/07/29 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\DVDVideoSoft [2012/07/31 11:17:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\HandBrake [2012/08/03 11:04:48 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\ImgBurn [2012/02/09 15:36:14 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Kindel Systems [2012/02/11 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\mkvtoolnix [2012/07/01 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\MusicBrainz [2012/02/09 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Notepad++ [2012/06/25 02:40:33 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/02/09 13:11:38 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\tigerplayer [2012/02/09 14:04:01 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\Unzbin [2012/02/09 02:30:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\userdata [2012/08/16 23:50:06 | 000,000,000 | ---D | M] -- C:\Users\ArieS\AppData\Roaming\XBMC [2009/07/13 22:08:49 | 000,013,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  16. 03:38:54.0106 7360 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05 03:38:54.0558 7360 ============================================================ 03:38:54.0558 7360 Current date / time: 2012/08/17 03:38:54.0558 03:38:54.0558 7360 SystemInfo: 03:38:54.0558 7360 03:38:54.0558 7360 OS Version: 6.1.7601 ServicePack: 1.0 03:38:54.0558 7360 Product type: Workstation 03:38:54.0558 7360 ComputerName: ARIES-PC 03:38:54.0558 7360 UserName: ArieS 03:38:54.0558 7360 Windows directory: C:\Windows 03:38:54.0558 7360 System windows directory: C:\Windows 03:38:54.0558 7360 Running under WOW64 03:38:54.0558 7360 Processor architecture: Intel x64 03:38:54.0558 7360 Number of processors: 8 03:38:54.0558 7360 Page size: 0x1000 03:38:54.0558 7360 Boot type: Normal boot 03:38:54.0558 7360 ============================================================ 03:39:08.0189 7360 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 03:39:08.0198 7360 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 03:39:08.0224 7360 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 03:39:08.0438 7360 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 03:39:08.0639 7360 Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 03:39:09.0126 7360 Drive \Device\Harddisk5\DR5 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 03:39:09.0327 7360 Drive \Device\Harddisk6\DR6 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 03:39:09.0528 7360 Drive \Device\Harddisk7\DR7 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 03:39:09.0530 7360 Drive \Device\Harddisk8\DR8 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 03:39:16.0453 7360 Drive \Device\Harddisk9\DR9 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 03:39:23.0549 7360 ============================================================ 03:39:23.0549 7360 \Device\Harddisk0\DR0: 03:39:23.0555 7360 MBR partitions: 03:39:23.0555 7360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482 03:39:23.0556 7360 \Device\Harddisk1\DR1: 03:39:23.0556 7360 MBR partitions: 03:39:23.0556 7360 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000 03:39:23.0556 7360 \Device\Harddisk2\DR2: 03:39:23.0652 7360 MBR partitions: 03:39:23.0652 7360 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 03:39:23.0652 7360 \Device\Harddisk3\DR3: 03:39:23.0652 7360 MBR partitions: 03:39:23.0653 7360 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 03:39:23.0653 7360 \Device\Harddisk4\DR4: 03:39:23.0653 7360 MBR partitions: 03:39:23.0653 7360 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E074C1 03:39:23.0653 7360 \Device\Harddisk5\DR5: 03:39:23.0653 7360 GPT partitions: 03:39:23.0654 7360 \Device\Harddisk5\DR5\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {1B87579F-53AD-4A3B-8047-F9F1B231AE06}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000 03:39:23.0654 7360 \Device\Harddisk5\DR5\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B855F2A5-02DB-41FA-A68C-C57DA37C1F14}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800 03:39:23.0654 7360 MBR partitions: 03:39:23.0654 7360 \Device\Harddisk6\DR6: 03:39:23.0654 7360 GPT partitions: 03:39:23.0655 7360 \Device\Harddisk6\DR6\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {3DC2E227-9E36-4824-84E5-214B9F5CFB72}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000 03:39:23.0655 7360 \Device\Harddisk6\DR6\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {18AE833C-CC1A-4596-8449-C2D0B830DDB0}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800 03:39:23.0655 7360 MBR partitions: 03:39:23.0655 7360 \Device\Harddisk7\DR7: 03:39:23.0655 7360 GPT partitions: 03:39:23.0677 7360 \Device\Harddisk7\DR7\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8FCC4A77-751B-412B-A16A-677B8BEA32C5}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000 03:39:23.0677 7360 \Device\Harddisk7\DR7\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {10808B00-2C1F-47AD-8215-BF73884435AD}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800 03:39:23.0677 7360 MBR partitions: 03:39:23.0677 7360 \Device\Harddisk8\DR8: 03:39:23.0677 7360 MBR partitions: 03:39:23.0677 7360 \Device\Harddisk8\DR8\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747065B0 03:39:23.0677 7360 \Device\Harddisk9\DR9: 03:39:23.0678 7360 MBR partitions: 03:39:23.0678 7360 \Device\Harddisk9\DR9\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000 03:39:23.0678 7360 ============================================================ 03:39:23.0680 7360 C: <-> \Device\Harddisk1\DR1\Partition1 03:39:23.0706 7360 I: <-> \Device\Harddisk9\DR9\Partition1 03:39:24.0139 7360 O: <-> \Device\Harddisk6\DR6\Partition2 03:39:24.0560 7360 N: <-> \Device\Harddisk5\DR5\Partition2 03:39:24.0597 7360 L: <-> \Device\Harddisk4\DR4\Partition1 03:39:25.0007 7360 M: <-> \Device\Harddisk3\DR3\Partition1 03:39:25.0047 7360 K: <-> \Device\Harddisk2\DR2\Partition1 03:39:25.0068 7360 G: <-> \Device\Harddisk0\DR0\Partition1 03:39:25.0108 7360 D: <-> \Device\Harddisk8\DR8\Partition1 03:39:25.0133 7360 P: <-> \Device\Harddisk7\DR7\Partition2 03:39:25.0133 7360 ============================================================ 03:39:25.0133 7360 Initialize success 03:39:25.0133 7360 ============================================================ 03:40:25.0316 1256 ============================================================ 03:40:25.0316 1256 Scan started 03:40:25.0316 1256 Mode: Manual; SigCheck; TDLFS; 03:40:25.0316 1256 ============================================================ 03:40:25.0465 1256 ================ Scan services ============================= 03:40:25.0507 1256 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 03:40:25.0573 1256 1394ohci - ok 03:40:25.0579 1256 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 03:40:25.0596 1256 ACPI - ok 03:40:25.0598 1256 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 03:40:25.0610 1256 AcpiPmi - ok 03:40:25.0615 1256 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 03:40:25.0621 1256 AdobeARMservice - ok 03:40:25.0641 1256 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 03:40:25.0650 1256 AdobeFlashPlayerUpdateSvc - ok 03:40:25.0656 1256 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 03:40:25.0671 1256 adp94xx - ok 03:40:25.0676 1256 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 03:40:25.0687 1256 adpahci - ok 03:40:25.0691 1256 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 03:40:25.0701 1256 adpu320 - ok 03:40:25.0704 1256 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 03:40:25.0727 1256 AeLookupSvc - ok 03:40:25.0733 1256 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys 03:40:25.0747 1256 AFD - ok 03:40:25.0750 1256 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 03:40:25.0758 1256 agp440 - ok 03:40:25.0760 1256 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe 03:40:25.0770 1256 ALG - ok 03:40:25.0772 1256 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys 03:40:25.0779 1256 aliide - ok 03:40:25.0782 1256 [ 2aed9a422ea1574c7d7ef9359a417718 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 03:40:25.0796 1256 AMD External Events Utility - ok 03:40:25.0798 1256 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys 03:40:25.0805 1256 amdide - ok 03:40:25.0808 1256 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 03:40:25.0817 1256 AmdK8 - ok 03:40:25.0888 1256 [ bfa5e854959d5546d8834ca61f4ad075 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 03:40:25.0996 1256 amdkmdag - ok 03:40:26.0003 1256 [ 92d664fffcd9e742fb25254f7f458d88 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 03:40:26.0015 1256 amdkmdap - ok 03:40:26.0018 1256 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 03:40:26.0028 1256 AmdPPM - ok 03:40:26.0030 1256 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 03:40:26.0039 1256 amdsata - ok 03:40:26.0042 1256 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 03:40:26.0053 1256 amdsbs - ok 03:40:26.0055 1256 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 03:40:26.0061 1256 amdxata - ok 03:40:26.0065 1256 [ 147866af11f5eab84c52436c9cae3693 ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys 03:40:26.0076 1256 AnyDVD - ok 03:40:26.0079 1256 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys 03:40:26.0101 1256 AppID - ok 03:40:26.0104 1256 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 03:40:26.0126 1256 AppIDSvc - ok 03:40:26.0129 1256 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll 03:40:26.0151 1256 Appinfo - ok 03:40:26.0155 1256 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 03:40:26.0162 1256 Apple Mobile Device - ok 03:40:26.0164 1256 [ 6be11ad81d4527d299f0cb5f3731aabc ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys 03:40:26.0170 1256 AppleCharger - ok 03:40:26.0172 1256 [ 95ef7247c50c7241fdae39a9b3aff4ae ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe 03:40:26.0180 1256 AppleChargerSrv - ok 03:40:26.0184 1256 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 03:40:26.0195 1256 AppMgmt - ok 03:40:26.0198 1256 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys 03:40:26.0206 1256 arc - ok 03:40:26.0209 1256 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys 03:40:26.0217 1256 arcsas - ok 03:40:26.0221 1256 ASPI32 - ok 03:40:26.0231 1256 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 03:40:26.0239 1256 aspnet_state - ok 03:40:26.0241 1256 [ ce6d8bcc4787704ea4feeb92b0d0caf8 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 03:40:26.0248 1256 aswFsBlk - ok 03:40:26.0251 1256 [ 0debeb2e3fbd0bf5343125cce617f105 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 03:40:26.0258 1256 aswMonFlt - ok 03:40:26.0260 1256 [ 952edc2e81f85d1781958d4128bf59f8 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys 03:40:26.0266 1256 aswRdr - ok 03:40:26.0272 1256 [ dd383e2ac941c545a85ab72503da6c12 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 03:40:26.0284 1256 aswSnx - ok 03:40:26.0289 1256 [ ef5403fb8b2dcb791ec365fdf6040a4a ] aswSP C:\Windows\system32\drivers\aswSP.sys 03:40:26.0298 1256 aswSP - ok 03:40:26.0301 1256 [ 34165da5c6b30c0f9d61246bf8a28040 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 03:40:26.0307 1256 aswTdi - ok 03:40:26.0309 1256 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 03:40:26.0331 1256 AsyncMac - ok 03:40:26.0333 1256 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys 03:40:26.0340 1256 atapi - ok 03:40:26.0344 1256 [ 230cf51113cd4b830b3bfd09b0d4c066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 03:40:26.0351 1256 AtiHDAudioService - ok 03:40:26.0359 1256 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 03:40:26.0388 1256 AudioEndpointBuilder - ok 03:40:26.0395 1256 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 03:40:26.0419 1256 AudioSrv - ok 03:40:26.0423 1256 [ 996e6d052438e8d8dfd501f31560b2e0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 03:40:26.0430 1256 avast! Antivirus - ok 03:40:26.0433 1256 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll 03:40:26.0446 1256 AxInstSV - ok 03:40:26.0452 1256 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 03:40:26.0466 1256 b06bdrv - ok 03:40:26.0471 1256 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 03:40:26.0483 1256 b57nd60a - ok 03:40:26.0488 1256 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll 03:40:26.0497 1256 BDESVC - ok 03:40:26.0499 1256 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 03:40:26.0521 1256 Beep - ok 03:40:26.0530 1256 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll 03:40:26.0559 1256 BFE - ok 03:40:26.0565 1256 BITCOMET_HELPER_SERVICE - ok 03:40:26.0568 1256 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 03:40:26.0577 1256 blbdrive - ok 03:40:26.0583 1256 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 03:40:26.0595 1256 Bonjour Service - ok 03:40:26.0598 1256 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 03:40:26.0607 1256 bowser - ok 03:40:26.0609 1256 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 03:40:26.0619 1256 BrFiltLo - ok 03:40:26.0621 1256 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 03:40:26.0631 1256 BrFiltUp - ok 03:40:26.0634 1256 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 03:40:26.0657 1256 BridgeMP - ok 03:40:26.0660 1256 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll 03:40:26.0669 1256 Browser - ok 03:40:26.0674 1256 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys 03:40:26.0686 1256 Brserid - ok 03:40:26.0688 1256 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 03:40:26.0699 1256 BrSerWdm - ok 03:40:26.0701 1256 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 03:40:26.0711 1256 BrUsbMdm - ok 03:40:26.0713 1256 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 03:40:26.0722 1256 BrUsbSer - ok 03:40:26.0725 1256 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 03:40:26.0735 1256 BTHMODEM - ok 03:40:26.0739 1256 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll 03:40:26.0762 1256 bthserv - ok 03:40:26.0763 1256 catchme - ok 03:40:26.0766 1256 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 03:40:26.0789 1256 cdfs - ok 03:40:26.0793 1256 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 03:40:26.0803 1256 cdrom - ok 03:40:26.0806 1256 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll 03:40:26.0828 1256 CertPropSvc - ok 03:40:26.0831 1256 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys 03:40:26.0842 1256 circlass - ok 03:40:26.0846 1256 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys 03:40:26.0858 1256 CLFS - ok 03:40:26.0865 1256 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 03:40:26.0872 1256 clr_optimization_v2.0.50727_32 - ok 03:40:26.0878 1256 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 03:40:26.0886 1256 clr_optimization_v2.0.50727_64 - ok 03:40:26.0897 1256 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 03:40:26.0908 1256 clr_optimization_v4.0.30319_32 - ok 03:40:26.0910 1256 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 03:40:26.0920 1256 clr_optimization_v4.0.30319_64 - ok 03:40:26.0922 1256 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 03:40:26.0931 1256 CmBatt - ok 03:40:26.0933 1256 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys 03:40:26.0940 1256 cmdide - ok 03:40:26.0945 1256 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys 03:40:26.0962 1256 CNG - ok 03:40:26.0964 1256 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 03:40:26.0972 1256 Compbatt - ok 03:40:26.0974 1256 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 03:40:26.0984 1256 CompositeBus - ok 03:40:26.0986 1256 COMSysApp - ok 03:40:26.0989 1256 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 03:40:26.0996 1256 crcdisk - ok 03:40:27.0000 1256 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 03:40:27.0011 1256 CryptSvc - ok 03:40:27.0017 1256 [ 54da3dfd29ed9f1619b6f53f3ce55e49 ] CSC C:\Windows\system32\drivers\csc.sys 03:40:27.0030 1256 CSC - ok 03:40:27.0038 1256 [ 3ab183ab4d2c79dcf459cd2c1266b043 ] CscService C:\Windows\System32\cscsvc.dll 03:40:27.0056 1256 CscService - ok 03:40:27.0063 1256 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll 03:40:27.0092 1256 DcomLaunch - ok 03:40:27.0097 1256 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll 03:40:27.0123 1256 defragsvc - ok 03:40:27.0125 1256 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 03:40:27.0148 1256 DfsC - ok 03:40:27.0154 1256 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll 03:40:27.0180 1256 Dhcp - ok 03:40:27.0183 1256 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys 03:40:27.0205 1256 discache - ok 03:40:27.0207 1256 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys 03:40:27.0215 1256 Disk - ok 03:40:27.0218 1256 [ 5db085a8a6600be6401f2b24eecb5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 03:40:27.0226 1256 dmvsc - ok 03:40:27.0230 1256 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 03:40:27.0240 1256 Dnscache - ok 03:40:27.0245 1256 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll 03:40:27.0269 1256 dot3svc - ok 03:40:27.0273 1256 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll 03:40:27.0296 1256 DPS - ok 03:40:27.0298 1256 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 03:40:27.0309 1256 drmkaud - ok 03:40:27.0319 1256 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 03:40:27.0334 1256 DXGKrnl - ok 03:40:27.0338 1256 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll 03:40:27.0361 1256 EapHost - ok 03:40:27.0391 1256 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys 03:40:27.0436 1256 ebdrv - ok 03:40:27.0439 1256 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe 03:40:27.0448 1256 EFS - ok 03:40:27.0457 1256 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 03:40:27.0474 1256 ehRecvr - ok 03:40:27.0477 1256 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe 03:40:27.0486 1256 ehSched - ok 03:40:27.0489 1256 [ a05fc7eca0966ebb70e4d17b855a853b ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 03:40:27.0496 1256 ElbyCDIO - ok 03:40:27.0503 1256 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 03:40:27.0517 1256 elxstor - ok 03:40:27.0519 1256 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys 03:40:27.0527 1256 ErrDev - ok 03:40:27.0530 1256 [ 3663291d0d26001a2bb67678ab61d14c ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys 03:40:27.0539 1256 EtronHub3 - ok 03:40:27.0541 1256 [ 744420d6c062c38f7361870f010d6d4b ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys 03:40:27.0549 1256 EtronXHCI - ok 03:40:27.0555 1256 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll 03:40:27.0582 1256 EventSystem - ok 03:40:27.0586 1256 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys 03:40:27.0610 1256 exfat - ok 03:40:27.0613 1256 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys 03:40:27.0637 1256 fastfat - ok 03:40:27.0645 1256 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe 03:40:27.0662 1256 Fax - ok 03:40:27.0664 1256 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys 03:40:27.0673 1256 fdc - ok 03:40:27.0675 1256 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll 03:40:27.0697 1256 fdPHost - ok 03:40:27.0699 1256 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 03:40:27.0721 1256 FDResPub - ok 03:40:27.0723 1256 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 03:40:27.0731 1256 FileInfo - ok 03:40:27.0733 1256 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 03:40:27.0755 1256 Filetrace - ok 03:40:27.0757 1256 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 03:40:27.0766 1256 flpydisk - ok 03:40:27.0770 1256 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 03:40:27.0780 1256 FltMgr - ok 03:40:27.0789 1256 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll 03:40:27.0808 1256 FontCache - ok 03:40:27.0811 1256 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 03:40:27.0817 1256 FontCache3.0.0.0 - ok 03:40:27.0819 1256 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 03:40:27.0827 1256 FsDepends - ok 03:40:27.0829 1256 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 03:40:27.0835 1256 Fs_Rec - ok 03:40:27.0839 1256 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 03:40:27.0851 1256 fvevol - ok 03:40:27.0853 1256 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 03:40:27.0861 1256 gagp30kx - ok 03:40:27.0863 1256 gdrv - ok 03:40:27.0866 1256 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 03:40:27.0871 1256 GEARAspiWDM - ok 03:40:27.0879 1256 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll 03:40:27.0909 1256 gpsvc - ok 03:40:27.0913 1256 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03:40:27.0920 1256 gupdate - ok 03:40:27.0922 1256 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03:40:27.0929 1256 gupdatem - ok 03:40:27.0931 1256 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 03:40:27.0940 1256 hcw85cir - ok 03:40:27.0944 1256 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 03:40:27.0958 1256 HdAudAddService - ok 03:40:27.0961 1256 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 03:40:27.0972 1256 HDAudBus - ok 03:40:27.0974 1256 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 03:40:27.0983 1256 HidBatt - ok 03:40:27.0986 1256 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 03:40:27.0996 1256 HidBth - ok 03:40:27.0999 1256 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 03:40:28.0009 1256 HidIr - ok 03:40:28.0011 1256 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll 03:40:28.0034 1256 hidserv - ok 03:40:28.0036 1256 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 03:40:28.0045 1256 HidUsb - ok 03:40:28.0048 1256 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll 03:40:28.0072 1256 hkmsvc - ok 03:40:28.0076 1256 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll 03:40:28.0088 1256 HomeGroupListener - ok 03:40:28.0092 1256 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 03:40:28.0106 1256 HomeGroupProvider - ok 03:40:28.0110 1256 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 03:40:28.0120 1256 HpSAMD - ok 03:40:28.0128 1256 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 03:40:28.0158 1256 HTTP - ok 03:40:28.0161 1256 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 03:40:28.0168 1256 hwpolicy - ok 03:40:28.0170 1256 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 03:40:28.0180 1256 i8042prt - ok 03:40:28.0185 1256 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 03:40:28.0197 1256 iaStorV - ok 03:40:28.0207 1256 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 03:40:28.0227 1256 idsvc - ok 03:40:28.0229 1256 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 03:40:28.0238 1256 iirsp - ok 03:40:28.0247 1256 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll 03:40:28.0280 1256 IKEEXT - ok 03:40:28.0322 1256 [ 150ac23f21dbdbf8488408ba944b0d65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 03:40:28.0370 1256 IntcAzAudAddService - ok 03:40:28.0373 1256 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys 03:40:28.0380 1256 intelide - ok 03:40:28.0383 1256 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 03:40:28.0391 1256 intelppm - ok 03:40:28.0394 1256 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll 03:40:28.0417 1256 IPBusEnum - ok 03:40:28.0420 1256 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 03:40:28.0441 1256 IpFilterDriver - ok 03:40:28.0448 1256 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 03:40:28.0476 1256 iphlpsvc - ok 03:40:28.0479 1256 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 03:40:28.0488 1256 IPMIDRV - ok 03:40:28.0491 1256 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 03:40:28.0513 1256 IPNAT - ok 03:40:28.0522 1256 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 03:40:28.0538 1256 iPod Service - ok 03:40:28.0540 1256 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 03:40:28.0551 1256 IRENUM - ok 03:40:28.0553 1256 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 03:40:28.0561 1256 isapnp - ok 03:40:28.0565 1256 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 03:40:28.0576 1256 iScsiPrt - ok 03:40:28.0579 1256 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 03:40:28.0586 1256 kbdclass - ok 03:40:28.0588 1256 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 03:40:28.0597 1256 kbdhid - ok 03:40:28.0599 1256 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe 03:40:28.0608 1256 KeyIso - ok 03:40:28.0610 1256 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 03:40:28.0618 1256 KSecDD - ok 03:40:28.0621 1256 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 03:40:28.0629 1256 KSecPkg - ok 03:40:28.0632 1256 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 03:40:28.0653 1256 ksthunk - ok 03:40:28.0659 1256 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll 03:40:28.0685 1256 KtmRm - ok 03:40:28.0690 1256 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll 03:40:28.0715 1256 LanmanServer - ok 03:40:28.0718 1256 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 03:40:28.0742 1256 LanmanWorkstation - ok 03:40:28.0745 1256 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 03:40:28.0767 1256 lltdio - ok 03:40:28.0771 1256 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll 03:40:28.0796 1256 lltdsvc - ok 03:40:28.0799 1256 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll 03:40:28.0821 1256 lmhosts - ok 03:40:28.0824 1256 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 03:40:28.0833 1256 LSI_FC - ok 03:40:28.0836 1256 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 03:40:28.0844 1256 LSI_SAS - ok 03:40:28.0846 1256 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 03:40:28.0854 1256 LSI_SAS2 - ok 03:40:28.0857 1256 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 03:40:28.0865 1256 LSI_SCSI - ok 03:40:28.0868 1256 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys 03:40:28.0890 1256 luafv - ok 03:40:28.0893 1256 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 03:40:28.0903 1256 Mcx2Svc - ok 03:40:28.0905 1256 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys 03:40:28.0913 1256 megasas - ok 03:40:28.0917 1256 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 03:40:28.0928 1256 MegaSR - ok 03:40:28.0930 1256 [ 1c6e73fc46b509eff9d0086aa37132df ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 03:40:28.0937 1256 MEIx64 - ok 03:40:28.0939 1256 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll 03:40:28.0962 1256 MMCSS - ok 03:40:28.0965 1256 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys 03:40:28.0987 1256 Modem - ok 03:40:28.0989 1256 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys 03:40:28.0999 1256 monitor - ok 03:40:29.0001 1256 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 03:40:29.0008 1256 mouclass - ok 03:40:29.0010 1256 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 03:40:29.0020 1256 mouhid - ok 03:40:29.0022 1256 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 03:40:29.0030 1256 mountmgr - ok 03:40:29.0033 1256 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys 03:40:29.0042 1256 mpio - ok 03:40:29.0045 1256 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 03:40:29.0067 1256 mpsdrv - ok 03:40:29.0077 1256 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll 03:40:29.0108 1256 MpsSvc - ok 03:40:29.0112 1256 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 03:40:29.0125 1256 MRxDAV - ok 03:40:29.0128 1256 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 03:40:29.0139 1256 mrxsmb - ok 03:40:29.0144 1256 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 03:40:29.0154 1256 mrxsmb10 - ok 03:40:29.0157 1256 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 03:40:29.0166 1256 mrxsmb20 - ok 03:40:29.0169 1256 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys 03:40:29.0176 1256 msahci - ok 03:40:29.0180 1256 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 03:40:29.0189 1256 msdsm - ok 03:40:29.0192 1256 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe 03:40:29.0203 1256 MSDTC - ok 03:40:29.0207 1256 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 03:40:29.0228 1256 Msfs - ok 03:40:29.0230 1256 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 03:40:29.0252 1256 mshidkmdf - ok 03:40:29.0254 1256 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 03:40:29.0261 1256 msisadrv - ok 03:40:29.0264 1256 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 03:40:29.0289 1256 MSiSCSI - ok 03:40:29.0291 1256 msiserver - ok 03:40:29.0293 1256 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 03:40:29.0316 1256 MSKSSRV - ok 03:40:29.0319 1256 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 03:40:29.0341 1256 MSPCLOCK - ok 03:40:29.0343 1256 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 03:40:29.0365 1256 MSPQM - ok 03:40:29.0370 1256 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 03:40:29.0381 1256 MsRPC - ok 03:40:29.0384 1256 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 03:40:29.0391 1256 mssmbios - ok 03:40:29.0393 1256 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 03:40:29.0414 1256 MSTEE - ok 03:40:29.0416 1256 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 03:40:29.0424 1256 MTConfig - ok 03:40:29.0427 1256 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys 03:40:29.0435 1256 Mup - ok 03:40:29.0441 1256 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll 03:40:29.0468 1256 napagent - ok 03:40:29.0473 1256 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 03:40:29.0488 1256 NativeWifiP - ok 03:40:29.0499 1256 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys 03:40:29.0518 1256 NDIS - ok 03:40:29.0521 1256 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 03:40:29.0543 1256 NdisCap - ok 03:40:29.0545 1256 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 03:40:29.0567 1256 NdisTapi - ok 03:40:29.0569 1256 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 03:40:29.0591 1256 Ndisuio - ok 03:40:29.0594 1256 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 03:40:29.0617 1256 NdisWan - ok 03:40:29.0620 1256 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 03:40:29.0641 1256 NDProxy - ok 03:40:29.0643 1256 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 03:40:29.0665 1256 NetBIOS - ok 03:40:29.0669 1256 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 03:40:29.0693 1256 NetBT - ok 03:40:29.0695 1256 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe 03:40:29.0703 1256 Netlogon - ok 03:40:29.0708 1256 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll 03:40:29.0735 1256 Netman - ok 03:40:29.0738 1256 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 03:40:29.0747 1256 NetMsmqActivator - ok 03:40:29.0749 1256 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 03:40:29.0756 1256 NetPipeActivator - ok 03:40:29.0762 1256 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll 03:40:29.0789 1256 netprofm - ok 03:40:29.0792 1256 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 03:40:29.0798 1256 NetTcpActivator - ok 03:40:29.0801 1256 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 03:40:29.0807 1256 NetTcpPortSharing - ok 03:40:29.0810 1256 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 03:40:29.0817 1256 nfrd960 - ok 03:40:29.0822 1256 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 03:40:29.0847 1256 NlaSvc - ok 03:40:29.0849 1256 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 03:40:29.0872 1256 Npfs - ok 03:40:29.0874 1256 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll 03:40:29.0897 1256 nsi - ok 03:40:29.0899 1256 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 03:40:29.0921 1256 nsiproxy - ok 03:40:29.0937 1256 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 03:40:29.0967 1256 Ntfs - ok 03:40:29.0969 1256 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys 03:40:29.0990 1256 Null - ok 03:40:29.0993 1256 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys 03:40:30.0002 1256 nvraid - ok 03:40:30.0005 1256 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys 03:40:30.0015 1256 nvstor - ok 03:40:30.0017 1256 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 03:40:30.0026 1256 nv_agp - ok 03:40:30.0029 1256 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 03:40:30.0037 1256 ohci1394 - ok 03:40:30.0042 1256 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 03:40:30.0055 1256 p2pimsvc - ok 03:40:30.0061 1256 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll 03:40:30.0075 1256 p2psvc - ok 03:40:30.0078 1256 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys 03:40:30.0088 1256 Parport - ok 03:40:30.0090 1256 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys 03:40:30.0098 1256 partmgr - ok 03:40:30.0102 1256 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 03:40:30.0116 1256 PcaSvc - ok 03:40:30.0120 1256 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys 03:40:30.0129 1256 pci - ok 03:40:30.0131 1256 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys 03:40:30.0138 1256 pciide - ok 03:40:30.0142 1256 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 03:40:30.0152 1256 pcmcia - ok 03:40:30.0155 1256 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys 03:40:30.0162 1256 pcw - ok 03:40:30.0169 1256 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys 03:40:30.0198 1256 PEAUTH - ok 03:40:30.0212 1256 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 03:40:30.0236 1256 PeerDistSvc - ok 03:40:30.0255 1256 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe 03:40:30.0265 1256 PerfHost - ok 03:40:30.0281 1256 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll 03:40:30.0319 1256 pla - ok 03:40:30.0326 1256 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 03:40:30.0340 1256 PlugPlay - ok 03:40:30.0343 1256 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 03:40:30.0353 1256 PNRPAutoReg - ok 03:40:30.0357 1256 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 03:40:30.0369 1256 PNRPsvc - ok 03:40:30.0375 1256 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 03:40:30.0402 1256 PolicyAgent - ok 03:40:30.0407 1256 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll 03:40:30.0432 1256 Power - ok 03:40:30.0435 1256 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 03:40:30.0457 1256 PptpMiniport - ok 03:40:30.0460 1256 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys 03:40:30.0469 1256 Processor - ok 03:40:30.0473 1256 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll 03:40:30.0484 1256 ProfSvc - ok 03:40:30.0486 1256 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe 03:40:30.0494 1256 ProtectedStorage - ok 03:40:30.0497 1256 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys 03:40:30.0519 1256 Psched - ok 03:40:30.0534 1256 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 03:40:30.0562 1256 ql2300 - ok 03:40:30.0566 1256 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 03:40:30.0574 1256 ql40xx - ok 03:40:30.0579 1256 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll 03:40:30.0594 1256 QWAVE - ok 03:40:30.0596 1256 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 03:40:30.0608 1256 QWAVEdrv - ok 03:40:30.0610 1256 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 03:40:30.0632 1256 RasAcd - ok 03:40:30.0635 1256 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 03:40:30.0657 1256 RasAgileVpn - ok 03:40:30.0660 1256 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll 03:40:30.0717 1256 RasAuto - ok 03:40:30.0726 1256 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 03:40:30.0768 1256 Rasl2tp - ok 03:40:30.0781 1256 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll 03:40:30.0812 1256 RasMan - ok 03:40:30.0815 1256 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 03:40:30.0839 1256 RasPppoe - ok 03:40:30.0842 1256 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 03:40:30.0864 1256 RasSstp - ok 03:40:30.0869 1256 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 03:40:30.0893 1256 rdbss - ok 03:40:30.0896 1256 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 03:40:30.0906 1256 rdpbus - ok 03:40:30.0908 1256 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 03:40:30.0929 1256 RDPCDD - ok 03:40:30.0933 1256 [ 1b6163c503398b23ff8b939c67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 03:40:30.0943 1256 RDPDR - ok 03:40:30.0946 1256 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 03:40:30.0967 1256 RDPENCDD - ok 03:40:30.0970 1256 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 03:40:30.0992 1256 RDPREFMP - ok 03:40:30.0995 1256 [ 70cba1a0c98600a2aa1863479b35cb90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 03:40:31.0004 1256 RdpVideoMiniport - ok 03:40:31.0007 1256 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 03:40:31.0017 1256 RDPWD - ok 03:40:31.0021 1256 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 03:40:31.0031 1256 rdyboost - ok 03:40:31.0034 1256 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll 03:40:31.0058 1256 RemoteAccess - ok 03:40:31.0062 1256 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 03:40:31.0086 1256 RemoteRegistry - ok 03:40:31.0089 1256 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 03:40:31.0113 1256 RpcEptMapper - ok 03:40:31.0115 1256 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe 03:40:31.0124 1256 RpcLocator - ok 03:40:31.0131 1256 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll 03:40:31.0156 1256 RpcSs - ok 03:40:31.0159 1256 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 03:40:31.0181 1256 rspndr - ok 03:40:31.0186 1256 [ c20f64fcd5e2b40310a1774495877acd ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 03:40:31.0194 1256 RTHDMIAzAudService - ok 03:40:31.0200 1256 [ 6d3c7e7d82d3dc92dc2a8b0df9f20f8a ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 03:40:31.0210 1256 RTL8167 - ok 03:40:31.0212 1256 [ e60c0a09f997826c7627b244195ab581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 03:40:31.0220 1256 s3cap - ok 03:40:31.0222 1256 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe 03:40:31.0231 1256 SamSs - ok 03:40:31.0233 1256 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 03:40:31.0242 1256 sbp2port - ok 03:40:31.0245 1256 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll 03:40:31.0270 1256 SCardSvr - ok 03:40:31.0272 1256 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 03:40:31.0294 1256 scfilter - ok 03:40:31.0305 1256 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll 03:40:31.0340 1256 Schedule - ok 03:40:31.0343 1256 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll 03:40:31.0365 1256 SCPolicySvc - ok 03:40:31.0368 1256 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 03:40:31.0380 1256 SDRSVC - ok 03:40:31.0382 1256 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 03:40:31.0403 1256 secdrv - ok 03:40:31.0406 1256 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll 03:40:31.0428 1256 seclogon - ok 03:40:31.0431 1256 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll 03:40:31.0455 1256 SENS - ok 03:40:31.0457 1256 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 03:40:31.0467 1256 SensrSvc - ok 03:40:31.0469 1256 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 03:40:31.0478 1256 Serenum - ok 03:40:31.0480 1256 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 03:40:31.0490 1256 Serial - ok 03:40:31.0492 1256 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 03:40:31.0501 1256 sermouse - ok 03:40:31.0506 1256 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll 03:40:31.0530 1256 SessionEnv - ok 03:40:31.0532 1256 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 03:40:31.0542 1256 sffdisk - ok 03:40:31.0544 1256 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 03:40:31.0554 1256 sffp_mmc - ok 03:40:31.0557 1256 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 03:40:31.0569 1256 sffp_sd - ok 03:40:31.0570 1256 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 03:40:31.0579 1256 sfloppy - ok 03:40:31.0585 1256 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll 03:40:31.0612 1256 SharedAccess - ok 03:40:31.0618 1256 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll 03:40:31.0644 1256 ShellHWDetection - ok 03:40:31.0647 1256 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 03:40:31.0655 1256 SiSRaid2 - ok 03:40:31.0658 1256 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 03:40:31.0666 1256 SiSRaid4 - ok 03:40:31.0669 1256 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 03:40:31.0691 1256 Smb - ok 03:40:31.0695 1256 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe 03:40:31.0705 1256 SNMPTRAP - ok 03:40:31.0708 1256 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys 03:40:31.0714 1256 spldr - ok 03:40:31.0720 1256 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe 03:40:31.0733 1256 Spooler - ok 03:40:31.0765 1256 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe 03:40:31.0827 1256 sppsvc - ok 03:40:31.0830 1256 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 03:40:31.0853 1256 sppuinotify - ok 03:40:31.0859 1256 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys 03:40:31.0872 1256 srv - ok 03:40:31.0878 1256 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 03:40:31.0891 1256 srv2 - ok 03:40:31.0895 1256 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 03:40:31.0904 1256 srvnet - ok 03:40:31.0908 1256 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 03:40:31.0933 1256 SSDPSRV - ok 03:40:31.0936 1256 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll 03:40:31.0960 1256 SstpSvc - ok 03:40:31.0962 1256 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys 03:40:31.0969 1256 stexstor - ok 03:40:31.0975 1256 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll 03:40:31.0994 1256 stisvc - ok 03:40:31.0996 1256 [ 7785dc213270d2fc066538daf94087e7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 03:40:32.0003 1256 storflt - ok 03:40:32.0005 1256 [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 03:40:32.0013 1256 storvsc - ok 03:40:32.0015 1256 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 03:40:32.0022 1256 swenum - ok 03:40:32.0029 1256 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 03:40:32.0042 1256 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 03:40:32.0042 1256 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 03:40:32.0049 1256 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll 03:40:32.0077 1256 swprv - ok 03:40:32.0080 1256 [ c3a39c4079305480972d29c44b868c78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys 03:40:32.0088 1256 Synth3dVsc - ok 03:40:32.0105 1256 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll 03:40:32.0138 1256 SysMain - ok 03:40:32.0141 1256 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 03:40:32.0154 1256 TabletInputService - ok 03:40:32.0159 1256 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 03:40:32.0186 1256 TapiSrv - ok 03:40:32.0189 1256 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll 03:40:32.0213 1256 TBS - ok 03:40:32.0227 1256 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 03:40:32.0257 1256 Tcpip - ok 03:40:32.0272 1256 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 03:40:32.0296 1256 TCPIP6 - ok 03:40:32.0300 1256 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 03:40:32.0323 1256 tcpipreg - ok 03:40:32.0326 1256 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 03:40:32.0334 1256 TDPIPE - ok 03:40:32.0336 1256 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 03:40:32.0345 1256 TDTCP - ok 03:40:32.0348 1256 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 03:40:32.0371 1256 tdx - ok 03:40:32.0374 1256 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 03:40:32.0382 1256 TermDD - ok 03:40:32.0384 1256 [ 2b5bdff688ec9871d7ec5837833374e9 ] terminpt C:\Windows\system32\drivers\terminpt.sys 03:40:32.0393 1256 terminpt - ok 03:40:32.0401 1256 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll 03:40:32.0433 1256 TermService - ok 03:40:32.0435 1256 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll 03:40:32.0449 1256 Themes - ok 03:40:32.0451 1256 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll 03:40:32.0475 1256 THREADORDER - ok 03:40:32.0478 1256 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll 03:40:32.0503 1256 TrkWks - ok 03:40:32.0507 1256 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 03:40:32.0529 1256 TrustedInstaller - ok 03:40:32.0532 1256 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 03:40:32.0554 1256 tssecsrv - ok 03:40:32.0557 1256 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 03:40:32.0565 1256 TsUsbFlt - ok 03:40:32.0567 1256 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 03:40:32.0575 1256 TsUsbGD - ok 03:40:32.0578 1256 [ e1748d04ae40118b62bc18ac86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 03:40:32.0587 1256 tsusbhub - ok 03:40:32.0590 1256 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 03:40:32.0612 1256 tunnel - ok 03:40:32.0615 1256 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 03:40:32.0623 1256 uagp35 - ok 03:40:32.0628 1256 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 03:40:32.0653 1256 udfs - ok 03:40:32.0657 1256 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 03:40:32.0668 1256 UI0Detect - ok 03:40:32.0670 1256 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 03:40:32.0678 1256 uliagpkx - ok 03:40:32.0681 1256 [ 694bcf23662f97d987cf4c6739c35f8b ] UltraMonUtility C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys 03:40:32.0688 1256 UltraMonUtility - ok 03:40:32.0690 1256 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 03:40:32.0700 1256 umbus - ok 03:40:32.0702 1256 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 03:40:32.0710 1256 UmPass - ok 03:40:32.0714 1256 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll 03:40:32.0726 1256 UmRdpService - ok 03:40:32.0731 1256 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll 03:40:32.0758 1256 upnphost - ok 03:40:32.0763 1256 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 03:40:32.0771 1256 USBAAPL64 - ok 03:40:32.0774 1256 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 03:40:32.0783 1256 usbccgp - ok 03:40:32.0786 1256 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 03:40:32.0797 1256 usbcir - ok 03:40:32.0799 1256 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys 03:40:32.0808 1256 usbehci - ok 03:40:32.0812 1256 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 03:40:32.0824 1256 usbhub - ok 03:40:32.0826 1256 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 03:40:32.0834 1256 usbohci - ok 03:40:32.0837 1256 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 03:40:32.0847 1256 usbprint - ok 03:40:32.0849 1256 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 03:40:32.0859 1256 USBSTOR - ok 03:40:32.0861 1256 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 03:40:32.0869 1256 usbuhci - ok 03:40:32.0872 1256 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll 03:40:32.0895 1256 UxSms - ok 03:40:32.0897 1256 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe 03:40:32.0906 1256 VaultSvc - ok 03:40:32.0908 1256 [ fd911873c0bb6945fa38c16e9a2b58f9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 03:40:32.0916 1256 VClone - ok 03:40:32.0919 1256 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 03:40:32.0926 1256 vdrvroot - ok 03:40:32.0932 1256 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe 03:40:32.0961 1256 vds - ok 03:40:32.0964 1256 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 03:40:32.0974 1256 vga - ok 03:40:32.0976 1256 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys 03:40:32.0998 1256 VgaSave - ok 03:40:32.0999 1256 VGPU - ok 03:40:33.0004 1256 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 03:40:33.0013 1256 vhdmp - ok 03:40:33.0016 1256 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys 03:40:33.0023 1256 viaide - ok 03:40:33.0027 1256 [ 86ea3e79ae350fea5331a1303054005f ] vmbus C:\Windows\system32\drivers\vmbus.sys 03:40:33.0037 1256 vmbus - ok 03:40:33.0039 1256 [ 7de90b48f210d29649380545db45a187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 03:40:33.0047 1256 VMBusHID - ok 03:40:33.0050 1256 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 03:40:33.0057 1256 volmgr - ok 03:40:33.0062 1256 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 03:40:33.0073 1256 volmgrx - ok 03:40:33.0078 1256 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 03:40:33.0088 1256 volsnap - ok 03:40:33.0092 1256 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 03:40:33.0101 1256 vsmraid - ok 03:40:33.0117 1256 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe 03:40:33.0159 1256 VSS - ok 03:40:33.0161 1256 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 03:40:33.0171 1256 vwifibus - ok 03:40:33.0178 1256 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll 03:40:33.0205 1256 W32Time - ok 03:40:33.0208 1256 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys 03:40:33.0218 1256 WacomPen - ok 03:40:33.0220 1256 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 03:40:33.0242 1256 WANARP - ok 03:40:33.0244 1256 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 03:40:33.0265 1256 Wanarpv6 - ok 03:40:33.0278 1256 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 03:40:33.0303 1256 WatAdminSvc - ok 03:40:33.0318 1256 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe 03:40:33.0345 1256 wbengine - ok 03:40:33.0350 1256 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 03:40:33.0365 1256 WbioSrvc - ok 03:40:33.0370 1256 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll 03:40:33.0387 1256 wcncsvc - ok 03:40:33.0389 1256 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 03:40:33.0399 1256 WcsPlugInService - ok 03:40:33.0401 1256 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys 03:40:33.0408 1256 Wd - ok 03:40:33.0415 1256 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 03:40:33.0431 1256 Wdf01000 - ok 03:40:33.0433 1256 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll 03:40:33.0447 1256 WdiServiceHost - ok 03:40:33.0449 1256 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll 03:40:33.0463 1256 WdiSystemHost - ok 03:40:33.0467 1256 [ cc86d2867eb393f1360beb6e7e1bf9dc ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 03:40:33.0471 1256 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning 03:40:33.0471 1256 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1) 03:40:33.0475 1256 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll 03:40:33.0491 1256 WebClient - ok 03:40:33.0495 1256 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll 03:40:33.0522 1256 Wecsvc - ok 03:40:33.0526 1256 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 03:40:33.0551 1256 wercplsupport - ok 03:40:33.0554 1256 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll 03:40:33.0578 1256 WerSvc - ok 03:40:33.0580 1256 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 03:40:33.0601 1256 WfpLwf - ok 03:40:33.0603 1256 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys 03:40:33.0611 1256 WIMMount - ok 03:40:33.0612 1256 WinDefend - ok 03:40:33.0616 1256 WinHttpAutoProxySvc - ok 03:40:33.0625 1256 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 03:40:33.0650 1256 Winmgmt - ok 03:40:34.0341 1256 [ 0c0195c48b6b8582fa6f6373032118da ] WinRing0_1_2_0 D:\Stuff from XP\RealTemp_360\WinRing0x64.sys 03:40:34.0361 1256 WinRing0_1_2_0 - ok 03:40:34.0385 1256 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll 03:40:34.0440 1256 WinRM - ok 03:40:34.0445 1256 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 03:40:34.0456 1256 WinUsb - ok 03:40:34.0466 1256 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll 03:40:34.0489 1256 Wlansvc - ok 03:40:34.0492 1256 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 03:40:34.0500 1256 WmiAcpi - ok 03:40:34.0505 1256 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 03:40:34.0517 1256 wmiApSrv - ok 03:40:34.0518 1256 WMPNetworkSvc - ok 03:40:34.0521 1256 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll 03:40:34.0531 1256 WPCSvc - ok 03:40:34.0534 1256 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 03:40:34.0546 1256 WPDBusEnum - ok 03:40:34.0549 1256 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 03:40:34.0571 1256 ws2ifsl - ok 03:40:34.0574 1256 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll 03:40:34.0588 1256 wscsvc - ok 03:40:34.0590 1256 WSearch - ok 03:40:34.0609 1256 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll 03:40:34.0645 1256 wuauserv - ok 03:40:34.0648 1256 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 03:40:34.0671 1256 WudfPf - ok 03:40:34.0675 1256 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 03:40:34.0698 1256 WUDFRd - ok 03:40:34.0702 1256 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 03:40:34.0725 1256 wudfsvc - ok 03:40:34.0729 1256 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll 03:40:34.0745 1256 WwanSvc - ok 03:40:34.0748 1256 ================ Scan global =============================== 03:40:34.0750 1256 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll 03:40:34.0754 1256 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 03:40:34.0761 1256 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 03:40:34.0765 1256 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll 03:40:34.0771 1256 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe 03:40:34.0775 1256 [Global] - ok 03:40:34.0775 1256 ================ Scan MBR ================================== 03:40:34.0776 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 03:40:35.0147 1256 \Device\Harddisk0\DR0 - ok 03:40:35.0150 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 03:40:35.0166 1256 \Device\Harddisk1\DR1 - ok 03:40:35.0169 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 03:40:35.0651 1256 \Device\Harddisk2\DR2 - ok 03:40:35.0654 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3 03:40:36.0154 1256 \Device\Harddisk3\DR3 - ok 03:40:36.0157 1256 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4 03:40:36.0474 1256 \Device\Harddisk4\DR4 - ok 03:40:36.0476 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk5\DR5 03:40:37.0015 1256 \Device\Harddisk5\DR5 - ok 03:40:37.0018 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk6\DR6 03:40:37.0544 1256 \Device\Harddisk6\DR6 - ok 03:40:37.0547 1256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk7\DR7 03:40:37.0902 1256 \Device\Harddisk7\DR7 - ok 03:40:37.0906 1256 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk8\DR8 03:40:38.0025 1256 \Device\Harddisk8\DR8 - ok 03:40:38.0028 1256 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk9\DR9 03:40:38.0550 1256 \Device\Harddisk9\DR9 - ok 03:40:38.0550 1256 ================ Scan VBR ================================== 03:40:38.0552 1256 Boot (0x1200) (cb05625d69ed487b80120daa23199948) \Device\Harddisk0\DR0\Partition1 03:40:38.0553 1256 \Device\Harddisk0\DR0\Partition1 - ok 03:40:38.0555 1256 Boot (0x1200) (02fa33518c4ef36281f104bbf30f13f1) \Device\Harddisk1\DR1\Partition1 03:40:38.0557 1256 \Device\Harddisk1\DR1\Partition1 - ok 03:40:38.0559 1256 Boot (0x1200) (a990aa965730254fdbb95f81d6d37c3b) \Device\Harddisk2\DR2\Partition1 03:40:38.0560 1256 \Device\Harddisk2\DR2\Partition1 - ok 03:40:38.0562 1256 Boot (0x1200) (5c0c9e1f441681c0777c526763d22e22) \Device\Harddisk3\DR3\Partition1 03:40:38.0563 1256 \Device\Harddisk3\DR3\Partition1 - ok 03:40:38.0566 1256 Boot (0x1200) (f5db40874c5b9946f17982625f786de6) \Device\Harddisk4\DR4\Partition1 03:40:38.0567 1256 \Device\Harddisk4\DR4\Partition1 - ok 03:40:38.0570 1256 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk5\DR5\Partition1 03:40:38.0570 1256 \Device\Harddisk5\DR5\Partition1 - ok 03:40:38.0573 1256 Boot (0x1200) (9e597ad2d9a4ca1415ea71226c7f3261) \Device\Harddisk5\DR5\Partition2 03:40:38.0574 1256 \Device\Harddisk5\DR5\Partition2 - ok 03:40:38.0576 1256 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk6\DR6\Partition1 03:40:38.0576 1256 \Device\Harddisk6\DR6\Partition1 - ok 03:40:38.0579 1256 Boot (0x1200) (bedfc9bbdb33da92521fa3e7114d13db) \Device\Harddisk6\DR6\Partition2 03:40:38.0580 1256 \Device\Harddisk6\DR6\Partition2 - ok 03:40:38.0582 1256 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk7\DR7\Partition1 03:40:38.0583 1256 \Device\Harddisk7\DR7\Partition1 - ok 03:40:38.0585 1256 Boot (0x1200) (f1636745d4423df0559b2d356c056269) \Device\Harddisk7\DR7\Partition2 03:40:38.0587 1256 \Device\Harddisk7\DR7\Partition2 - ok 03:40:38.0589 1256 Boot (0x1200) (b874b2516d9ff11dc4c314f39a231a09) \Device\Harddisk8\DR8\Partition1 03:40:38.0591 1256 \Device\Harddisk8\DR8\Partition1 - ok 03:40:38.0593 1256 Boot (0x1200) (fab2c106923264ab5e39e1a602afd4dc) \Device\Harddisk9\DR9\Partition1 03:40:38.0595 1256 \Device\Harddisk9\DR9\Partition1 - ok 03:40:38.0595 1256 ============================================================ 03:40:38.0595 1256 Scan finished 03:40:38.0595 1256 ============================================================ 03:40:38.0599 1448 Detected object count: 2 03:40:38.0599 1448 Actual detected object count: 2 03:41:22.0475 1448 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 03:41:22.0476 1448 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:41:22.0476 1448 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user 03:41:22.0476 1448 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
  17. c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC079.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC08C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC08E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC090.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC112.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC114.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC15D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC17B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC17C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC17D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC195.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC1BB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC1D9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC1F5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC229.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC249.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC262.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC26D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC2B6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC2B8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC2CF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC2DA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC313.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC35D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC391.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC398.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC3B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC3B7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC3FA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC40C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC42D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC433.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC43B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC45A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC480.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC485.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC4A2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC4D6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC4E5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC4E6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC500.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC528.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC543.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC551.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC566.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC57C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC57F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC585.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC58C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC58E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC5B9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC5BE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC5CB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC60.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC601.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC60F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC648.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC651.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC680.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC697.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC6B9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC6D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC6E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC6EB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC6F0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC70F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC711.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC713.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC791.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC79A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC79B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC7AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC7B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC7CD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC7EB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC7F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC83D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC840.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC863.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC864.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC86E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC875.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC89A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC8BB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC8BC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC8E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC8FD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC90E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC93.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC930.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC93A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC95F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC977.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC985.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC998.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC9BB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC9BC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC9F5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCA01.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCA11.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCA2C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCA64.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCA73.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCAA8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCAB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCAC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCAF9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCAFB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCAFC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCB3D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCB4B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCB74.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCBAD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCBC6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCBD5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCBEF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCBF7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC13.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC1C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC1D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC2D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC58.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC82.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCC9B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCCBC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCCE4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCCFE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCD0D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCD30.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCD44.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCD5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCD6E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCD76.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCDB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCDC2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCE51.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCE79.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCE7D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCE95.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCE96.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCED6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCEDD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCF1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCF24.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCF4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCF4E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCF92.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCFBA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCFBD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzCFE6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD012.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD015.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD01A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD02A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD052.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD05E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD078.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD08E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD0DA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD0E0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD0F4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD100.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD101.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD10C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD10D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD122.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD172.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD187.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD1BC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD1CF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD1E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD203.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD21E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD228.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD229.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD24F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD25D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD261.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD279.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD289.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD2B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD2EC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD32A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD343.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD35F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD368.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD374.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD385.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD39D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD3D8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD3E1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD3E8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD41.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD422.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD44A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD46.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD479.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD49B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD4AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD4C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD4C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD4D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD4D9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD4E2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD55B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD561.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD563.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD578.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD597.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD5BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD5C1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD5D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD616.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD62A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD66B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD677.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD689.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD6A0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD6A8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD6E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD786.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD78C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD79D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7A5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7B6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7BD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7C6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7CD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7D8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD7DE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD808.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD885.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD8AC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD8CC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD8F6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD914.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD91B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD926.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD927.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD931.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD935.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD962.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD995.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD9A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD9A7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD9AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD9BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzD9DE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDA02.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDA0D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDA17.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDA1F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDA66.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB0B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB0C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB0F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB22.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB2B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB5B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB5F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB68.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB70.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB75.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB85.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB88.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDB8F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDBBB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDBBF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDBC7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDBF4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDC07.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDC4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDC44.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDC45.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDC4A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDC4C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDC66.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDD01.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDD3F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDD5D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDD78.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDD7D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDD96.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDDAA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDDB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE2B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE3E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE76.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE7E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE82.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDE91.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDEA1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDEB2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDEB7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDEC1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDF1B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDF1C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDF1D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDF3F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDF5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDF8B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDF92.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDFA4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDFD1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDFD7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzDFEB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE00E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE038.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE064.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE074.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE088.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE0B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE0C0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE0C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE0E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE114.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE11A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE13C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE166.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE199.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE1BC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE1C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE1D8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE1F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE1FC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE205.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE268.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE276.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE284.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE2B2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE2BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE2D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE2DB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE2E2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE2FC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE316.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE341.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE34F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE351.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE354.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3AB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3B4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3BC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3BD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3C6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3CE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3CF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE3FE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE435.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE438.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE489.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE4BA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE4D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE4F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE523.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE530.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE535.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE548.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE55A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE58F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE5A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE5D5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE5DE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE60D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE626.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE65A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE66F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE6AF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE6C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE6DB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE6DE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE6E8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE6EE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE6F9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE700.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE746.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE74D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE77F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE78A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE7F5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE835.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE881.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE892.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE8B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE8B8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE8C6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE8D9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE8DA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE945.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE951.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE985.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzE9EC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEA03.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEA07.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEA5B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEA96.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEAC3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEAC4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEAF6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEB04.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEB08.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEB24.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEB40.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEB6C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEB87.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEBC7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEBC9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEBD1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEBD6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEBE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEC04.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEC10.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEC1F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEC4A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEC5F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEC98.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzECBE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzECFA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzECFB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzECFF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzED08.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzED0B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzED30.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzED3B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzED55.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzED67.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzED6C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEDB3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEDD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEE08.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEE26.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEE5D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEE81.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEEA2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEF0A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEF1F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEF25.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEF3A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEF8F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEF99.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEFE7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEFEE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzEFFD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF02.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF03F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF07.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF0B2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF0C3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF0E2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF11.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF123.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF137.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF15F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF170.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF1AF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF1B9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF1FF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF212.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF224.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF232.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF24B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF26D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF271.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF276.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF28B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF2A0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF30.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF30C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF31D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF339.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF387.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF397.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF3BD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF3D3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF3E0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF404.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF481.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF483.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4A6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4C1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4CB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4DB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4DF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4E0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF4E4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF50B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF53E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF54A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF59C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF5C6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF5D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF5DF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF5F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF5F7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF5F9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF611.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF617.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF61B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF62E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF63A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF64E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF67F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF681.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF687.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF6C8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF6D6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF6E6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF71F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF727.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF72E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF730.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF74D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF754.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF78C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF78D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF794.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF7A6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF7AB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF7B6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF7DD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF7E4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF7ED.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF80B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF811.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF816.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF828.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF842.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF843.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF864.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF87D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF8A1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF8A8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF8B0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF8CA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF8F3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF912.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF91B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF9A5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF9B2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF9C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzF9D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA03.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA19.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA32.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA39.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA3C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA3E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA41.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA7D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFA8D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFAA1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFAA2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFAE6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFAF5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFAFA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFB14.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFB25.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFB5A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFB99.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFBB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFBB8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFBCD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFBD1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFBD9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFBF0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC1C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC27.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC4B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC55.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC5E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC76.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC7E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFC9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFCB6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFCB8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFD37.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFD39.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFD51.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFD62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFD79.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFDE0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFE0A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFE29.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFE3F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFE5B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFE92.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFEA7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFF06.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFF1F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFF84.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFFB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFFB6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzFFE6.tmp D:\Autorun.inf I:\Autorun.inf L:\Autorun.inf . Infected copy of c:\windows\system32\services.exe was found and disinfected Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!winsxs!amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1!services.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_FTSvc -------\Service_FTSvc . . ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 ))))))))))))))))))))))))))))))) . . 2012-08-17 09:26 . 2012-08-17 09:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-17 09:00 . 2012-08-17 09:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-16 19:58 . 2012-08-16 19:58 -------- d-----w- c:\users\ArieS\AppData\Local\ElevatedDiagnostics 2012-08-14 09:38 . 2012-08-14 09:38 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-08-14 09:37 . 2012-08-14 09:37 -------- d-----w- c:\program files (x86)\Oracle 2012-08-14 09:37 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-08-14 09:37 . 2012-08-14 09:37 -------- d-----w- c:\program files (x86)\Java 2012-08-07 09:44 . 2001-11-07 16:27 851968 ----a-w- c:\windows\SysWow64\usbpadcp.dll 2012-08-07 09:44 . 2001-09-24 07:32 49206 ----a-w- c:\windows\SysWow64\usbpadff.dll 2012-08-07 08:58 . 2012-08-07 09:09 -------- d-----w- c:\program files (x86)\Project64 1.6 2012-08-07 08:58 . 2012-08-07 08:58 40960 ----a-r- c:\users\ArieS\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-08-07 08:58 . 2012-08-07 08:58 40960 ----a-r- c:\users\ArieS\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-08-07 08:43 . 2012-08-07 08:43 -------- d-----w- c:\program files\Mame 2012-08-03 08:15 . 2012-08-03 08:15 -------- d-----w- c:\users\ArieS\AppData\Local\Ilivid Player 2012-08-03 08:15 . 2012-08-03 08:15 -------- d-----w- c:\program files (x86)\Searchqu Toolbar 2012-08-03 08:09 . 2012-08-03 08:11 -------- d-----w- C:\Win 7 2012-08-02 23:08 . 2012-08-03 18:04 -------- d-----w- c:\users\ArieS\AppData\Roaming\ImgBurn 2012-08-02 23:03 . 2012-08-02 23:03 -------- d-----w- c:\program files (x86)\ImgBurn 2012-08-02 22:57 . 2005-04-16 02:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-08-02 22:57 . 2005-03-12 07:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll 2012-08-02 22:57 . 2004-03-09 07:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-08-02 22:57 . 1998-06-24 07:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-08-02 22:57 . 2012-08-02 22:59 -------- d-----w- c:\program files (x86)\PDFCreator 2012-08-02 22:57 . 1998-07-06 07:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-08-02 22:56 . 2012-08-02 22:56 -------- d-----w- c:\program files (x86)\BabylonToolbar 2012-08-02 22:56 . 2012-08-02 22:56 -------- d-----w- c:\users\ArieS\AppData\Roaming\Babylon 2012-08-02 22:56 . 2012-08-02 22:56 -------- d-----w- c:\programdata\Babylon 2012-08-02 22:53 . 1999-09-10 19:06 5600 ----a-w- c:\windows\system\WINASPI.DLL 2012-08-02 22:53 . 1999-09-10 19:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE 2012-08-02 22:53 . 1999-09-10 19:06 45056 ----a-w- c:\windows\SysWow64\WNASPI32.DLL 2012-08-02 22:53 . 1999-09-10 19:06 25244 ----a-w- c:\windows\SysWow64\drivers\ASPI32.SYS 2012-08-01 06:09 . 2012-08-01 06:09 -------- d-----w- c:\users\Default\AppData\Local\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-16 10:01 . 2012-02-12 07:31 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-15 03:46 . 2012-05-12 19:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 03:46 . 2012-02-09 09:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-06 05:06 . 2012-02-19 21:16 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-03 20:46 . 2012-07-15 09:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-09 05:43 . 2012-07-11 01:54 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 01:54 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 01:54 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 01:54 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 01:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 01:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 01:54 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-19 04:55 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 04:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 04:55 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 04:55 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 04:55 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:19 . 2012-06-19 04:55 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 04:55 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 04:55 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:15 . 2012-06-19 04:55 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 05:50 . 2012-07-11 01:54 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 01:54 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-11 01:54 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 01:54 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 01:54 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 01:54 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 01:54 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 01:54 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 01:54 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 04:04 . 2012-07-10 10:56 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12BFD46E-CC2D-4025-ADF9-4B3896CA34D5}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-07-30 6241952] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032] "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\ArieS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MCEControl.exe - Shortcut.lnk - c:\program files (x86)\Kindel Systems\MCE Controller\MCEControl.exe [2012-1-9 208896] RealTempGT.exe - Shortcut.lnk - d:\stuff from xp\RealTemp_360\RealTempGT.exe [2011-4-19 221056] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2012-2-9 29310] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 136176] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-10 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\stuff from xp\RealTemp_360\WinRing0x64.sys [2008-07-27 14544] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] . . Contents of the 'Scheduled Tasks' folder . 2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 03:46] . 2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 08:43] . 2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09 08:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-05-24 22:23 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-07-20 22:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-14 13374568] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "combofix"="c:\combofix\CF28622.3XE" [2010-11-21 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.searchnu.com/406 mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Toolbar-10 - (no file) AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe . ************************************************************************** . Completion time: 2012-08-17 02:31:02 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-17 09:31 . Pre-Run: 57,528,094,720 bytes free Post-Run: 61,554,700,288 bytes free . - - End Of File - - 17EBF2096239D29CB6BD19A7A885F3B1
  18. c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz50C3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz510D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz510F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5127.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5130.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5135.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5144.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5168.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz517F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz518.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz519C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz51A3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz51BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz51E2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz520D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz521A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5230.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz524D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz525D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz525F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5260.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5261.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz526D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz527C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5281.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz528E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz52B5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz52B8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz52F1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5309.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5325.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5339.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5340.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz534C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz537C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5398.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz53D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz53DB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz53DD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz53E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz53FD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5407.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5467.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz54AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz54F0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz54F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz54F8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5500.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5556.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5557.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5560.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5571.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz559.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5590.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5599.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz559F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz55A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz55A7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz55D3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz55DF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz55EF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5602.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz562D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz566B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5670.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz568D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz56D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5724.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5730.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz57A6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz57B2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz57B5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz57DF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5800.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz58D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz590F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5918.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5920.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz593D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz594D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5960.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5988.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz59A7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz59DC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz59E4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5A19.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5A2F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5A3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5A96.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5A98.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5AB8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5ACE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5AF7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5B06.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5B32.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5B5E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5B62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5B77.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5B93.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5B94.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5BBD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5BC0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5BDB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5BF8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5C3A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5C44.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5C8D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5CAD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5D28.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5D31.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5D38.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5D6E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5DB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5DD7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5DE2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5DE5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5E10.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5E2B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5E58.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5E62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5E65.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5E6B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5E90.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5EC1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5F00.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5F1B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5F1C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5F2F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5F44.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5F77.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5F87.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz600E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz603D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6042.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6044.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6078.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz60A2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz60A5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz60C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz60E0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6109.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6115.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6128.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6136.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6158.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz615E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6177.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz621C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6280.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz628F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz62A4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz62C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz62E5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz62F7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6320.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6337.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6351.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz636B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz63AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz63BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz63C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz63CA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz640B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6419.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6425.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6432.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6447.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz645D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz647F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz64A5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz64AB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz64CF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz64FD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6520.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6540.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz654A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6579.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz657B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6594.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6597.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz65A2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz65C8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz65DE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6603.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz662A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz662C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6642.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6655.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz66AD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz66BB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz66C4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz66EE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz670.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6719.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6775.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz677C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6784.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6787.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz67D6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz67ED.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz67F9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6812.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz681A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz683.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz684B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6860.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz68B7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz68C4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6908.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz691E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6926.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz693C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz694E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6A07.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6A12.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6A79.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6A84.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6A8A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6AAC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6ABE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6ACE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6AE4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6B01.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6B1B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6B40.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6B6A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6B9A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6BAE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6BC2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6C09.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6C26.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6CA9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6CC9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6CCE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6CE9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6D10.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6D2C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6D33.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6D6F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6D96.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6DCC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6DF2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6E18.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6E23.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6E84.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6E90.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6EA0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6EAC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6EB8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6ECA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6EF9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6EFF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6F56.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6F6A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6F74.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6F81.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6F8A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6FA0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6FA2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6FB8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6FDB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6FDF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6FE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz6FF1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz706C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7091.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz70BB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz70D3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz70DC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz710.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz713D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz71B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz71EA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz71EB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz71FC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7200.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7207.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7218.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7253.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7280.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7282.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz72B7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz72B8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz72C5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz72D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz72D7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7307.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz730C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7325.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7345.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz735D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7380.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7382.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7388.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz73AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz73AF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz73E5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz73E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7419.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7463.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz749D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz74A6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz74A9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz74C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz74CE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz752C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz754F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7564.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7592.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz75A8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz75B2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz75B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz75BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz75F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7629.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz763.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7656.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7679.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz76B0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz76CF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz76D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz76FA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7739.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz773C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7751.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz775E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz778E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz77E9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz77F1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz77F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz77F5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz77F6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz780B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz781D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7838.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7839.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz787C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7892.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz78B1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz78C7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz78F9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz791F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7924.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz79AF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz79E0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz79E8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A02.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A03.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A53.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A73.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A83.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A8B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7A9C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7AB2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B00.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B01.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B04.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B05.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B3F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B7E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B7F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B80.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B81.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B8A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7B9C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7BDF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7BE1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7BE8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7BE9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7C07.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7C15.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7C5A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7C9D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7CD2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7CE0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7D34.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7D69.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7D89.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7DDF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7DF9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7DFB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7E21.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7E54.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7E85.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7E86.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7EAA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F00.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F36.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F38.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F46.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F64.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F81.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F89.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7F90.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7FB8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7FD6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz7FF8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8007.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8013.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8018.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8021.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8042.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8050.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz807.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz808.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz80E8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz80F3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz815E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8194.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz81BA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz81CB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8203.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8231.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8266.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz82C4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz82CA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz82D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz82FE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz831A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz834D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz83A0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz83B5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz83DB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8404.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8412.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8439.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8448.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8454.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz845C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz849B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz84A8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz84B1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz84B6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz84DF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8507.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8509.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz852D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8537.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz853C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz855F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8597.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz85C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz85E1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8604.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8606.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz860B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz860C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8628.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8629.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz862F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8634.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8648.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8649.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8650.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8660.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8661.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8687.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8696.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz86AD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz86C0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz86F1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz871A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8753.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz877B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz878.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz87D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz87DA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz88.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8805.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8820.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8886.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz888D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8894.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz88D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz88D7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8914.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8928.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8943.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz896C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8992.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz89BD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz89E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8A0C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8A11.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8A1A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8A2C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8A3B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8A49.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8A5B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8AA4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8AAE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8AB7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8ACA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8AE7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8AF8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8B06.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8B21.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8B2C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8B61.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8B62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8B66.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8B84.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8BDD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C23.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C3D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C4D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C5C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C60.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C6F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C87.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8C9A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8CBE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8CCC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8CFC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8D0C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8D4C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8D91.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8D98.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8DFD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8E07.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8E2F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8E6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8E62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8E75.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8E96.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8EA3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8ED0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8EFD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8F13.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8F1C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8F31.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8F4D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8FEA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz8FEB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9016.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9017.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz901C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz902C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz907E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9093.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz90AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz90B5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz90D7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz90F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz912F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9189.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz919A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz91A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz91C7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz91D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz91FB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9221.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9239.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9255.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz92AD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz92B2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz92D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz92D6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz92F1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz933D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9363.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9368.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz93D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz93D7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz940.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz941B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9424.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9444.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz945E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz949C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz94AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz94AB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz94B0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz94B5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz950F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9529.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9533.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9544.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz954D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz955C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9588.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9596.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz95AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz95D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz95F9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9650.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9657.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9687.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9698.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz96BA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz96BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz96D5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz96FA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz970.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9766.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9769.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9771.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9774.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz978A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz97DC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz980C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz981C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9820.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9836.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz984C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9866.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz98D3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz98DD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz994E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9958.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz995E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz997.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz997B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz998A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9992.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9994.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz999A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz99A9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz99E9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9A17.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9A4A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9A7C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9A96.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9AAB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9ACD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9AF4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9AF5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9B2A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9B3A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9B56.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9B88.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9B91.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9BA7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9BAC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9C72.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9C7B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9C86.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9C8B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9CCC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9CD2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9CF6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D07.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D08.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D27.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D61.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D63.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D69.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D8B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9D8C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9DA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9DF8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E02.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E17.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E23.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E2D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E31.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E4B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E68.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9E77.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9EB3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9ED9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9EDE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9EF9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9F2C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9F2F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9F51.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9F84.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9F9F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9FA8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9FBA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz9FE8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA00F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA03C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA05F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA099.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0A8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0AB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0B9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0BC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0DD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0F0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA0FE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA113.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA125.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA12C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA13E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA17C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA1C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA1C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA1D9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA1E1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA1E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA1F5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA211.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA216.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA22A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA230.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA277.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA2FD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA32B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA33B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA341.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA348.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA35F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA362.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA36E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA371.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA39D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA3A1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA3DB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA432.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA448.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA449.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA44A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA45.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA474.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA48F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA4A4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA4CC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA4E9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA508.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA521.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA522.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA525.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA534.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA555.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA568.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA579.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA57B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA599.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA5A0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA5AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA5C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA5D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA5EE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA60C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA610.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA642.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA66F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA675.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA684.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA68A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA6B9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA6C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA6F8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA751.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA762.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA763.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA764.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA768.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA7C1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA7C3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA7CB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA7DF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA7FF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA802.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA83B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA863.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA88F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA8AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA8E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA8E8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA8F6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA906.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA92C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA952.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA973.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA974.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA99.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA9AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA9D7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA9F3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzA9F5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAA1F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAA27.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAA6F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAA83.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAA87.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAAA2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAAB3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAAC5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAAE6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAAEB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAAFB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAB0B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAB4B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAB77.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAB83.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzABA0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzABA1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzABBB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzABCB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzABE3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzABE4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAC28.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAC63.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAC68.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAC8C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzACA5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzACBA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzACBE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzACCF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzACF5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzACFD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD13.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD14.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD33.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD60.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD61.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD68.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD70.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD78.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD80.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD91.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAD92.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzADA2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzADA5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzADC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzADC4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzADD4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAE0D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAE52.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAE6B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAE76.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAE98.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAE9A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAEA5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAEB4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAEBF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAF0F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAF18.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAF24.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAF32.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAF61.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAF76.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAFAF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzAFBA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB006.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB01.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB021.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB040.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB05E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB0B9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB0D9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB0E1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB133.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB159.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB162.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB170.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB18D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB1A9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB1E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB1F3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB203.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB228.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB24E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB26C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB26F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB284.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB323.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB36E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB378.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB3BB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB3BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB3E0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB40A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB41D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB42A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB42B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB433.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB441.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB444.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB46B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB4B1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB4DC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB4FB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB518.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB53F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB543.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB553.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB55B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB589.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB592.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB597.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB5A8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB5AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB5FF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB607.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB615.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB657.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB694.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB69C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB6A1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB6E0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB6F6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB73A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB792.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB7B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB7CC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB821.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB858.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB880.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB893.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB8AA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB8C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB8D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB95C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB99A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB9B5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzB9B6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA04.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA0D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA11.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA34.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA3A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA46.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA67.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA76.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBA7F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBAF4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBB16.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBB66.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBB6E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBB75.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBB7D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBB9B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBB9C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBBB9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBBD3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBBF5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBC0E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBC1E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBC39.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBC4F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBC73.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBC83.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBC85.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBCA5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBCAD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBCB7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBCCD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD26.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD48.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD49.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD66.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD68.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD77.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBD8D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBDA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBDC3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBE1B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBE3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBE42.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBE49.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBE62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBE81.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBE9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBEB4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBEBB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBEC0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBEE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBEFE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF16.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF30.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF3C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF42.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF76.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF83.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF88.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBF98.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBFB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBFCE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBFD2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBFF5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzBFF9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC042.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC048.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC05A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC072.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trzC076.tmp
  19. ComboFix 12-08-17.01 - ArieS 08/17/2012 2:19.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5363 [GMT -7:00] Running from: c:\users\ArieS\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\AutocompletePro c:\program files (x86)\AutocompletePro\AutocompletePro.dll c:\program files (x86)\AutocompletePro\FireFoxExtension.exe c:\program files (x86)\AutocompletePro\InstTracker.exe c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf c:\program files (x86)\AutocompletePro\unins000.dat c:\program files (x86)\AutocompletePro\unins000.exe c:\program files (x86)\Brand Affinity Technologies c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_0941e80o8q2l.crx c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_0941e80o8q2l.xpi c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState c:\program files (x86)\Incredibar.com c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\program files\Web Assistant\ExTEnsion32.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\_ctypes.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\_elementtree.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\_hashlib.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\_socket.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\_ssl.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\pyexpat.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\pysqlite2._sqlite.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\python26.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\pythoncom26.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\PyWinTypes26.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\select.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\unicodedata.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32api.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32com.shell.shell.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32crypt.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32event.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32file.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32inet.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32pdh.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\win32process.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\windows._cacheinvalidation.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wx._controls_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wx._core_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wx._gdi_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wx._html2.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wx._misc_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wx._windows_.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wx._wizard.pyd c:\users\ArieS\AppData\Local\Temp\_MEI15242\wxbase293u_net_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\wxbase293u_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\wxmsw293u_adv_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\wxmsw293u_core_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\wxmsw293u_html_vc.dll c:\users\ArieS\AppData\Local\Temp\_MEI15242\wxmsw293u_webview_vc.dll c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\L\00000004.@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\00000004.@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\00000008.@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\000000cb.@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\80000000.@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\80000032.@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\80000064.@ c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1000.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1007.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz100D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz101C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1022.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz102A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1061.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1096.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz10C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1116.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1121.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz114E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1168.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz116C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz118D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz11B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz11BB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz11ED.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz11EE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz120.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1227.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1228.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz124B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz12CA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1324.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1328.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz139C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz13A5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz140D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1432.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1447.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz148C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz148D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz14DD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz14ED.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz14FF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1510.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1513.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz153D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz15FC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz15FD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1602.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz162B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1633.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1654.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz166F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1672.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1683.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz169D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz16A4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1705.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1757.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1759.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1762.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz17C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz17D1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz17FC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz182B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz184.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1887.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1891.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1896.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1898.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1899.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz18BA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz191E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1930.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1936.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz193F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1942.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1943.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz19C8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz19F6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz19F7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1A25.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1A4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1A43.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1ABA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1ACE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1AE6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1B0C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1B4F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1B66.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1B6D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1BB9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C0C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C12.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C31.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C32.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C68.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C7D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C8C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C97.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1C9F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1CD9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1CDD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1CF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1CF4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1D0D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1D1C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1D45.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1D6D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1D8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1D8D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1D8E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1DA6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1DA8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1DA9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1DAA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1DAB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1DAD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1DBC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1E3E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1E5E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1E67.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1E9A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1EB5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1EBC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1EC4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1EC8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1EEA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1F12.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1F15.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1F6A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1F79.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1F97.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1FA9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1FD5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz1FE6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2012.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2019.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2027.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz20AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz20AF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz20D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz20D6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2173.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz21AD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz220A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz224C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz224E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz22D8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2328.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2329.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2363.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2382.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz23A7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz242A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2434.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2494.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz24C6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz24D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz24FB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2503.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2523.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz252C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz252E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2532.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz253D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2548.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz254A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz255E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz256D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2572.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2576.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz258E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz258F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz25AC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz25EF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz263B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2646.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2648.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz265E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2669.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz268C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz26B7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz26C7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz26CE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz26E6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz26E7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz26E8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz26EA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2708.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz272E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2744.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2745.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2748.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2758.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz277A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2794.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz27C9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz27D1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz27DC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz27E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz27FC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz280A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz280B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2843.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz284F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2855.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz28A6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz28A9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz28B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz28C5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz28D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2904.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2910.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2917.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2935.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz298F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz29C1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz29DE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz29E5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz29FF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2A55.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2A56.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2AA8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2ABD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2AC1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2AC3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2AF9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2AFA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2B26.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2B48.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2B52.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2B88.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2B8E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2BCF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2BD8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2BD9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2BDE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2BF4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2C52.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2C5A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2C6C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2C6D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2CA1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2CA6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2CB0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2CD2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2D1E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2D1F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2D25.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2D37.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2D4E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2DAF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2DEA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2DFE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2E03.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2E06.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2E13.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2E39.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2E6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2E8C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2E95.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2EAE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2ECF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2ED0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2F18.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FAB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FAC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FC2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FDB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FDE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FEC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz2FF1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3025.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3067.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz307A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz307B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz30BF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz30C5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz30D8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz30E4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3117.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3146.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3149.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz314F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3156.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3174.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz319B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz31D6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz31E4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3222.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz325E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz326E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3279.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz327C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz32B3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz32D7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz32EE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz330.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3329.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3336.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz333E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz334A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz334B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz337C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3397.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz33AC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz33B2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz33F2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz33F6.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3401.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3416.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3456.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3479.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz349E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz34A3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz34B8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz34B9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3513.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3522.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3530.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3532.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3563.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz356B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3592.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz35A7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz35AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz35C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz35C5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz35FB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz35FF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3637.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz363F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3649.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3685.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz369A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz36C2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz36DC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz36F7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3709.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz371A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3729.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3744.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3745.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3772.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz379D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz37A0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz37D4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3802.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz380F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3811.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3840.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3842.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3852.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3855.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3858.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3876.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3889.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz38E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz38F0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz38FF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz391.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3913.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz391B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz392B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz393F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3997.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz39BD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz39FC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3A3A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3A53.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3AA0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3ABB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3AC5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3ADF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3AEB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B1E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B2F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B35.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B36.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B3D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B54.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B5E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3B6C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3BA1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3BC2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3BCD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3C3D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3C40.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3C61.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3C92.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3C94.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3CDE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3CE0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3D10.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3D2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3D38.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3D51.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3D58.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3D67.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3D9C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3DC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3DEF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E04.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E34.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E38.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E57.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E62.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E63.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E81.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E86.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E92.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3E9D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3EBA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3ED5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3EFE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3F0F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3F54.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3F5B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3F5C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3FCA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3FDE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3FDF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3FE1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3FE3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz3FE7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz401A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4042.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz406D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz40A0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz40C1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz40D3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz40DA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz417C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz41C8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz41D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz41E5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4224.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz424A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4270.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz42C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz42D0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz42EF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz42F1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz42F4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4312.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz434.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4343.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz437.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4379.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4392.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz43B7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz43C4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz43E3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz43F5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4411.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4421.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4426.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4429.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz442A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4430.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4443.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4445.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz446F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz448B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz448E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4494.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz44BE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz44C7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz44CA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz44CE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4506.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4512.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz452B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz454C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4568.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4572.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4589.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz458A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz45A2.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz45E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz45E8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz45FE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz460.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4656.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz466F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz467.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz469.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz46AE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz46AF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz46EB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4708.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4729.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz477A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz477B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4796.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz479A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz47A9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz47B0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz47C3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz47C5.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz47C8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz47F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4800.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4843.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4875.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz48FB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4919.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz497.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4983.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4990.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4997.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz49EB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz49EC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz49F7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4A4B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4A5D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4A7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4A95.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4AA3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4AAA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B1B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B1C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B1F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B3E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B6C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B77.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B8D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4B95.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4BA9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4BAC.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4BC0.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4BE3.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4BE8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4BF9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C0A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C21.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C47.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C4B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C59.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C5A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C6B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C78.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C8D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4C8F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4CE9.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4D04.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4D13.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4D2A.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4D35.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4D46.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4D5F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4DBF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4DDB.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4DDD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4DEF.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4DF4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4E1B.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4E3D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4E5F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4E80.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4E88.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4EAD.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4ECE.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4EE4.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4EFA.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F00.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F0F.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F3C.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F63.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F69.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F7.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F7D.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F8.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4F82.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz4FB1.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5000.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5063.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz506E.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5078.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5081.tmp c:\windows\Installer\{e4fa7292-6738-cbd6-5583-7feec5422a9f}\U\trz5096.tmp
  20. Ok, it took a while but I have it. The problem is now each time I try to add it as an attachment I get that: The server returned an error during upload
  21. Hello ali, I installed ComboFix, ran it. It extracted some stuff but I don't get the prompts to install Microsoft Windows Recovery Console. After it's done extracting it just closes...
  22. Here are my 2 files: DDS.txt . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1 Run by ArieS at 1:40:50 on 2012-08-17 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchnu.com/406 mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyD0DzyyC0CzztC0CtA0BtDtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=684643346 uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe uRun: [AdobeBridge] uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\ArieS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MCECON~1.LNK - C:\Program Files (x86)\Kindel Systems\MCE Controller\MCEControl.exe StartupFolder: C:\Users\ArieS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\REALTE~1.LNK - D:\Stuff from XP\RealTemp_360\RealTempGT.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 LSP: mswsock.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{7EDF4867-E3C3-4A9B-AA92-BE130AE133F3} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll BHO-X64: SuggestMeYesBHO - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll BHO-X64: Babylon toolbar helper - No File BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll BHO-X64: Web Assistant Helper - No File BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll BHO-X64: BitComet ClickCapture - No File BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll BHO-X64: Incredibar.com Helper Object - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO-X64: Fantapper - No File BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll BHO-X64: Searchqu Toolbar - No File BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2012-08-16 19:58:37 -------- d-----w- C:\Users\ArieS\AppData\Local\ElevatedDiagnostics 2012-08-14 09:37:54 -------- d-----w- C:\Program Files (x86)\Oracle 2012-08-14 09:37:44 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-07 09:44:46 851968 ----a-w- C:\Windows\SysWow64\usbpadcp.dll 2012-08-07 09:44:46 49206 ----a-w- C:\Windows\SysWow64\usbpadff.dll 2012-08-07 08:58:27 40960 ----a-r- C:\Users\ArieS\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-08-07 08:58:27 40960 ----a-r- C:\Users\ArieS\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-08-07 08:58:27 -------- d-----w- C:\Program Files (x86)\Project64 1.6 2012-08-07 08:43:46 -------- d-----w- C:\Program Files\Mame 2012-08-03 08:15:53 -------- d-----w- C:\Users\ArieS\AppData\Local\Ilivid Player 2012-08-03 08:15:16 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar 2012-08-03 08:09:53 -------- d-----w- C:\Win 7 2012-08-02 22:57:06 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll 2012-08-02 22:57:06 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX 2012-08-02 22:57:06 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX 2012-08-02 22:57:06 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2012-08-02 22:57:05 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL 2012-08-02 22:57:05 -------- d-----w- C:\Program Files (x86)\PDFCreator 2012-08-02 22:56:54 -------- d-----w- C:\Users\ArieS\AppData\Roaming\BabylonToolbar 2012-08-02 22:56:51 -------- d-----w- C:\Program Files (x86)\BabylonToolbar 2012-08-02 22:56:40 -------- d-----w- C:\Users\ArieS\AppData\Roaming\Babylon 2012-08-02 22:56:40 -------- d-----w- C:\ProgramData\Babylon 2012-08-02 22:53:36 5600 ----a-w- C:\Windows\system\WINASPI.DLL 2012-08-02 22:53:36 4672 ----a-w- C:\Windows\system\WOWPOST.EXE 2012-08-02 22:53:36 45056 ----a-w- C:\Windows\SysWow64\WNASPI32.DLL 2012-08-02 22:53:36 25244 ----a-w- C:\Windows\SysWow64\drivers\ASPI32.SYS . ==================== Find3M ==================== . 2012-08-15 03:46:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 03:46:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-06 05:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll 2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 1:41:06.22 =============== Attach.txt DDS (Ver_2011-08-26.01) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 7-Zip 9.22beta Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Adobe Reader X (10.1.3) AirPort AnyDVD Apple Application Support Apple Software Update Audacity 1.3.14 (Unicode) AutocompletePro avast! Free Antivirus AviSynth 2.5 Babylon toolbar on IE BabylonObjectInstaller BitComet 1.31 64-bit Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Double Dragon Etron USB3.0 Host Controller Fantapper Player ffdshow v1.1.4305 [2012-02-05] Free Audio Converter version 5.0.13.608 Free MP4 Video Converter version 5.0.15.706 Google Chrome Google Drive Google Update Helper Haali Media Splitter HandBrake 0.9.8 HydraVision ImgBurn Incredibar Toolbar on IE Intel® Control Center Intel® Management Engine Components Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 LAV Filters 0.45 MakeMKV v1.7.6 Malwarebytes Anti-Malware version 1.62.0.1300 MCE Controller 1.3.3 Media Player Classic - Home Cinema 1.6.0.4014 Medieval CUE Splitter Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MKVToolNix 5.5.0 MpcStar 5.4 MusicBrainz Picard ON_OFF Charge B11.0110.1 PDF Settings CS5 PDFCreator Project64 1.6 QuickPar 0.9 Realtek Ethernet Controller Driver Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver SABnzbd 0.6.15 SeaMonkey (2.11) Searchqu Toolbar SeaTools for Windows Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Unzbin Usenet NZB Client Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) ViewSonic Monitor Drivers VirtualCloneDrive VLC media player 1.1.11 XBMC . ==== End Of File ===========================
  23. Hello, I am infected with both of these. They keep coming back, I need some help, please.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.